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Introduction 


We are pleased to release the revised and updated lab manual for CCNA version 3, 
This lab manual is designed as a practical supplement to the concepts taught in the 
CCNA - version 3 mapped Routing and Switching course at Zoom Technologies 
India Pvt. Ltd. 

We have lab exercises on all the topics covered in the CCNA-version 3 course. All 
the new topics have been given extensive coverage. This comprehensive manual 
will sufficiently prepare a student for the CCNA exam and more importantly equip 
him / her with the right skills to design, install, maintain and troubleshoot WAN 
networks in the real world. We have also added a challenge lab at the end, to give 
the student a feel of the practical aspects of the CCNA exam. 

Each of the exercises is divided into the five sections: 

1 . Objective 

2. Topology 

3. Tasks 

4. Configuration 

5. Verification 

The lab manual leads the students from the basic initial configuration of a router to 
advanced topics like inter-vlan routing, OSPF- multi area configuration, EIGRP fine 
tuning, BGP configuration, password recovery, etc. 

We hope that this lab manual would be helpful to the students in solidifying their 
foundation in WAN networking. Any feedback or suggestions to improve this would 
be gratefully accepted. 
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EXERCISE 2 : DECIMAL TO BINARY CONVERSION 


DECIMAL ANSWER IN BINARY SCRATCH AREA 
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EXERCISE 3: ADDRESS CLASS IDENTIFICATION 





ADDRESS 

CLA! 

is 




126.10.1.1 


128.10.1.1 


162.78.1.10 


39.255.255.255 


220.1.1.10 
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EXERCISE 4: NETWORK AND HOST IDENTIFICATION BASED ON 

CLASS OF ADDRESS 


CIRCLE THE NETWORK PORTION CIRCLE THE HOST PORTION 

OF BELOW ADDRESSES OF BELOW ADDRESSES 
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EXERCISE 5: DEFAULT SUBNET MASK 


ADDRESS CLASS 
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EXERCISE 6: NETWORK ADDRESS 

USING THE IP ADDRESS AND SUBNET MASK SHOWN, WRITE THE NETWORK ADDRESS 


IP ADDRESS AND SUBNET MASK NETWORK ADDRESS 
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EXERCISE 7: BROADCAST ADDRESS 

USING THE IP ADDRESS AND SUBNET MASK SHOWN, WRITE THE BROADCAST ADDRESS 


IP ADDRESS AND SUBNET MASK BROADCAST ADDRESS 
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SLASH NOTATION 

SUBNET MASK 



/29 


/22 


/ 12 


/25 


/18 




CCNA Lab Manual 


Page 


www.zoomgroup.com 






TECHNOLOGIES 


EXERCISE 9: BINARY TO HEXA DECIMAL CONVERSION 
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EXERCISE 10: HEXADECIMAL TO BINARY CONVERSION 
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EXERCISE 11: OMISSION OF ZERO'S 






IPv6 ADDRESS 

T~ IPv6 ADDRESS U 

AFTER OMISSION OF ZERO'S 





2001;2222:0000:0000:0000:0000;0000;0001 


20DB:COA8:0101:0000:0000:0000:0000:0042 


2000:0000:0000:4DAD:0023:0046:OOBB:0101 


FF02:0000:0000:0000:0000:0000:0000:0001 


0000:0000:0000:0000:0000:0000:0000:0001 
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EXERCISE 12: REPLACING SUCCESSIVE FIELDS OF ZERO'S WITH 
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EXERCISE 13: CUSTOM SUBNET MASK (SUBNETTING) 


PROBLEM : 1 

Number of needed subnets 

14 

Network Address 

200.10.10.0 

Address class 


Default subnet mask 


Custom subnet mask 


Total number of subnets 


Total number of host addresses 


Number of usable addresses 


Number of bits borrowed from the host 

portion 
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PROBLEM : 2 

Number of needed usable hosts 

60 

Network Address 

171.10.0.0 

Address class 


Default subnet mask 


Custom subnet mask 


Total number of subnets 


Total number of host addresses 


Number of usable addresses 


Number of bits borrowed from the host 

portion 
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PROBLEM : 3 

Network Address 

138.25.0.0/26 

Address class 


Default subnet mask 


Custom subnet mask 


Total number of subnets 


Total number of host addresses 


Number of usable addresses 


Number of bits borrowed from the host 

portion 
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PROBLEM : 4 

Number of needed subnets 

2000 

Network Address 

111.0.0.0 

Address class 


Default subnet mask 


Custom subnet mask 


Total number of subnets 


Total number of host addresses 


Number of usable addresses 


Number of bits borrowed from the host 

portion 
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PROBLEM : 5 

Number of needed usable hosts 

1000 

Network Address 

165.34.0.0 

Address class 


Default subnet mask 


Custom subnet mask 


Total number of subnets 


Total number of host addresses 


Number of usable addresses 


Number of bits borrowed from the host 

portion 
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PROBLEM : 6 

Network Address 

192.100.1.0/29 

Address class 


Default subnet mask 


Custom subnet mask 


Total number of subnets 


Total number of host addresses 


Number of usable addresses 


Number of bits borrowed from the host 

portion 
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EXERCISE 14: VARIABLE LENGTH SUBNET MASK (VLSM) 


PROBLEM: 1 

The administrator gave the networking team 192.168.1.0/24 to use for addressing the entire network. 
After subnetting the address, the team is ready to assign the addresses 


192.168.1.0/24 



120 Hosts 


60 Hosts 


20 Hosts 
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The administrator gave the networking team 192.168.164.0/24 to use for addressing the entire 
network. After subnetting the address, the team is ready to assign the addresses. The administrator 
plans to configure ip subnet-zero and use RIP v2 as the routing protocol. As a member of the 
networking team, you must address the network and at the same time conserve unused addresses for 
future growth. 


SQ/Q IP Address 


SO/1 IP Address 



F0/0 IP Address 


SO/1 IP Address 



G0/0 IP Address 


S0/0 IP Address 



F0/0 IP Address 



11 Hosts 


15 Hosts 


5 Hosts 
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LAB 1: UNDERSTANDING IPv4 NETWORK COMMUNICATION 


OBJECTIVE: 

To verify communication between same network and different network computers after assigning 
IPv4 Address and Default Gateway. 


TOPOLOGY: 


Setup Ethernet connectivity for the lab as below : 



PC-1 

192. 168.201.10/24 

PC-2 

192.168.201.20/24 


PC-3 192.168.201.30/24 


PC-4 

1 92, 1 68.202.1 0/24 

PC-5 

192.168.202.20/24 


PC-6 192.168.202.30/24 


TASK: 

• Assigning IPv4 address to computers. 

• Verify communication between the same and different network computers. 

• Assigning Default Gateway address to computers. 

• Verify communication between the different network computers. 
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Assigning IPv4 Address to computers 
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On Windows 7 or Windows S.x or Windows 10 Computer 

• Open Network and Sharing Center 

• Click on Change adapter settings and Click Open. 

• Right-click on your local adapter and select Properties. 

• In the Local Area Connection Properties window select Internet Protocol Version 4 {TCP/I Pv4) 

then click the Properties button. 

• Now select the radio button Use the following IP address and enter in the IP address and Subnet 
mask and click OK. 


Internet Protocol Version 4 (TCP/IPv4) Properties ■ 

Genera! 

You cart get IP settings as&gned automatically if your network Supports 
this capability. Otherwise, you need to ask your network administrator 
for the appropriate I? settings, 


. Obtain an IP address automatically 
• Use die following IP address; 

IP address; 


Subnet mask; 

Default gateway; - 

Obtain DNS ser rer address automatically 

•jUse the following DNS server addresses: 

Preferred DNS server; 


192 . l£3 . 201 . 10 


2SS > 255 , 255 , 0 


Alternative DNS server: 


Validate settings upon exit 


OK 


Advanced,., 


Caned 


• Verify above configured ip address by giving below command. 
C:\> ipconfig 

Windows IP Configuration 
Ethernet adapter Ethernet: 

Connection-specific DNS Suffix . : 

IPv4 Address. : 192.168.201.10 

Subnet Mask : 255.255.255.0 

Default Gateway : 


• Repeat the above steps to configure ip address on all windows based computers. 
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On Linux 
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• Give below command to configure ip address 

bt ~ # ifconfig ethO 192.168.201.10 

• To verify the configured ip address by giving below command. 

bt # ifconfig 

ethO Link encap : Ethernet HWaddr 00:21:97:73:58:21 

inet addr :1 92, 168, 201, 10 Beast : 1 92 . 1 68 . 201 . 255 Mask : 255 . 255 . 255 . 0 
UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric :1 
RX packets : 171979 errors : 0 dropped :0 overruns :0 frame :0 
TX packets : 341932 errors : 0 dropped : 0 overruns : 0 carrier : 0 
collisions :0 txqueuelen : 1000 

RX bytes : 12370727 (11,7 MiB) TX bytes : 4634574 62 (441,9 MiB} 

Interrupt: 20 Base address : OxeSOO 

lo Link encap: Local Loopback 

inet addr : 127 . 0 ♦ 0 * 1 Mask : 255 , 0 * 0 , 0 
UP LOOPBACK RUNNING MTU: 16436 Metric :1 
RX packets: 18 errors : 0 dropped: 0 overruns :0 frame :0 
TX packets: 18 errors :0 dropped: 0 overruns : 0 carrier : 0 
RX bytes : 1796 (1.7 KiB) TX bytes:!796 (1.7 KiB) 


• Repeat the above steps to configure ip address on all linux based computers. 


Verify communication between the same and different network computers. 


From 192.168.201.10 computer (i.e. PCI] ping other computers 

ping 192.168.201.20 

PING 192.168.201.20 (192.168.201.20) 56(84) bytes of data. 

64 bytes from 192.168.201.20: icmpseq^l ttN64 time=24.Q ms 
64 bytes from 192.168.201.20: icmp_seq=2 ttl=64 time=24.Q ms 
64 bytes from 192.168.201.20: icmp_seq=3 ttl=64 time=24.1 ms 
64 bytes from 192.168.201.20: icmp_seq=4 ttN64 time=24.0 ms 

ping 192.168.201.30 

PING 192.168.201.30 (192.168.201.30) 56(84) bytes of data. 

64 bytes from 192.168.201.30: icmp_seq=l ttl=64 time=24.0 ms 
64 bytes from 192.168.201.30: icmp_seq=2 ttl=64 time=24.0 ms 
64 bytes from 192.168.201.30: icmp_seq=3 ttl=64 time=24.1 ms 
64 bytes from 192.168.201.30: icmp_seq=4 ttl=64 time=24.0 ms 

ping 192.168.202.10 

connect: Network is unreachable 
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From 192.168.202.10 computer ti.e. PC4) ping other computers 

ping 192.168.202.20 


PING 192.168.202,20 (192.168.202,20) 56(84) bytes of data. 

64 bytes from 192.168.202.20: icmp_seq=l ttl=64 time=24.0 ms 
64 bytes from 192.168.202.20: icmp_seq=2 ttl=64 time=24.0 ms 
64 bytes from 192.168.202.20: icmp_seq=3 ttl=64 time=24.1 ms 
64 bytes from 192.168.202.20: icmp_seq=4 ttl=64 time=24.0 ms 

ping 192.168.202.30 

PING 192.168.202.30 (192.168.202.30) 56(84) bytes of data. 

64 bytes from 192.168.202.30: icmp_seq=l ttl=64 time=24.0 ms 
64 bytes from 192.168.202.30: icmp_seq=2 ttl=64 time=24.0 ms 
64 bytes from 192.168.202.30: icmp_seq=3 ttl=64 time=24.1 ms 
64 bytes from 192.168.202.30: icmp_seq=4 ttl=64 time=24.0 ms 


ping 192.168.201.10 

connect: Network is unreachable 


From 192.168.201.10 computer (i.e. PCI) trace network communication path to other computers 


tracert 192.168.201.20 (Windows) or traceroute 192.168.201.20 (Linux) 

traceroute to 192.168,201.20 (192 . 168 . 201 . 20) , 30 hops max, 38 byte packets 
1 192.168.201.20 (192.168.201.20) 1.456 ms 0.193 ms 0.114 ms 


tracert 192,168.201,30 (Windows) or traceroute 192.168.201,30 (Linux) 

traceroute to 192,168,201,30 (192,168,201,30), 30 hops max, 38 byte packets 
1 192,168,201,30 (192,168,201,30) 1.156ms 0.193ms 0.114ms 


From 192.168.202.10 computer (i.e. PC4) trace network communication path to other computers 


tracert 192.168.202.20 (Windows) or traceroute 192.168.202.20 (Linux) 

traceroute to 192.168.202.20 (192.168,202.20), 30 hops max, 38 byte packets 
1 192.168.202,20 (192.168.202.20) 1.456 ms 0.193 ms 0.114 ms 


tracert 192,168.202,30 (Windows) or traceroute 192.168.202.30 (Linux) 

traceroute to 192 . 168 , 202 , 30 (192,168,202,30), 30 hops max, 38 byte packets 
1 192.168,202.30 (192,168.202.30) 1.156ms 0.193ms 0.114ms 
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Assigning Default Gateway address to computers 


On Windows 7 or Windows S.x or Windows 10 Computer 

• Open Network and Sharing Center 

• Click on Change adapter settings and Click Open. 

• Right-click on your local adapter and select Properties. 

• In the Local Area Connection Properties window select Internet Protocol Version 4 {TCP/I Pv4) 

then click the Properties button. 

• Now select the radio button Use the following IP address and enter Default Gateway and click 


OK. 


Internet Protocol Version 4 (TCP/ IPv4) Properties 


General 


You can get IP settings as&gned automatical if your ratwork Supports 
this capability. Otherwise, you need to ask your net/'orkaom nistrator 
for the appropriate IP settings, 

) Obtain an IP address automatically 
• Use die following IP address; 


IP address: 


Subnet mask; 


Default gateway: 


192 . l£3 . 2G1 . 10 


255 . 255 , 255 , 0 


192 , 163 . 201 , 1 


Obtain DNS ser ;er address automatical :y 

■•jUse the following DNS server addresses: 

Preferred DNS server; 

Alternative DNS server: 

..Validate setbngs upon exit 


OK 


Advanced,., 


Caned 


• Verify above configured default gateway by giving below command. 
C:\> ipconfig 

Windows IP Configuration 
Ethernet adapter Ethernet: 

Connection-specific DNS Suffix . : 

IPv4 Address. : 192.168.201.10 

Subnet Mask : 255.255.255.0 

Default Gateway : 192.168.201.1 


• Repeat the above steps to configure default gateway on all windows based computers. 
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On Linux 


• Give below command to configure default gateway 
bt ~ # route add default gw 192.168.201.1 


• To verify the configure default gateway by giving below command. 


bt ~ # route -n 

Kerne 1 IP routing table 
Destination Gateway 

192*168*201*0 0. 0*0.0 

127.0,0,0 0.0. 0.0 

0*0*0*0 192*168*201*1 


Genmask 

255*255*255*0 

255.0.0.0 

Q*Q*Q*Q 


Flags Metric Ref 
U 0 0 

U 0 0 

UG 0 0 


Use I face 
0 ethO 
0 lo 
0 ethO 


• Repeat the above steps to configure default gateway on all linux based computers. 


Verify communication between the different network computers. 


From 192.168.201.10 computer fi.e. PCI] ping other computers 

ping 192.168.202.10 

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data. 

64 bytes from 192.168.202.10: icmp_seq=l ttl=63 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=2 ttl=63 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=3 ttl=63 time=24.1 ms 
64 bytes from 192.168.202.10: icmp_seq=4 ttl=63 time=24.0 ms 

ping 192.168.202.20 

PING 192.168.202.20 (192.168.202.20) 56(84) bytes of data. 

64 bytes from 192.168.202.20: icmp_seq=l ttl=63 time=24.0 ms 
64 bytes from 192.168.202.20: icmp_seq=2 ttl=63 time=24.0 ms 
64 bytes from 192.168.202.20: icmp_seq=3 ttl=63 time=24.1 ms 
64 bytes from 192.168.202.20: icmp ,seq=4 ttl=63 time=24.0 ms 

ping 192.168.201.30 

PING 192.168.202.30 (192,168.202.30) 56(84) bytes of data. 

64 bytes from 192.168.202.30: icmp_seq=l ttl=63 time=24.0 ms 
64 bytes from 192.168.202.30: icmp_seq=2 ttl=63 time=24.0 ms 
64 bytes from 192.168.202.30: icmp_seq=3 ttl=63 time=24.1 ms 
64 bytes from 192.168.202.30: icmp_seq=4 ttl=63 time=24.0 ms 
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From 192.168.202,10 computer ti.e. PC4) ping other computers 

ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10: icmp_seq=l tt!=63 time=24.0 ms 
64 bytes from 192.168.201.10: icmp_$eq=2 ttl=63 time=24.0 ms 
64 bytes from 192.168.201.10: icmp_seq=3 ttl=63 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=4 ttl=63 time=24.0 ms 

ping 192.168.201.20 

PING 192.168.201.20 (192.168.201.20) 56(84) bytes of data. 

64 bytes from 192.168.201.20: icmp_seq=l ttl=63 time=24.0 ms 
64 bytes from 192.168.201.20: icmp_seq=2 ttl=63 time=24.0 ms 
64 bytes from 192.168.201.20: icmp_seq=3 ttl=63 time=24.1 ms 
64 bytes from 192.168.201.20: icmp_seq=4 ttl=63 time=24.Q ms 

ping 192.168.201.30 

PING 192.168.201.30 (192.168.201.30) 56(84) bytes of data. 

64 bytes from 192.168.201.30: icmp_seq=l ttl-63 time-24.0 ms 
64 bytes from 192.168.201.30: icmp_seq=2 ttl=63 time=24.Q ms 
64 bytes from 192.168.201.30: icmp_seq=3 ttl=63 time=24.1 ms 
64 bytes from 192.168.201.30: icmp_seq=4 ttl=63 time=24.0 ms 

From 192.168.201.10 computer (i.e. PCI) trace network communication path to other computers 

tracert 192.168.202.10 (Windows) or traceroute 192.168.202.10 (Linux) 

traceroute to 192,168*202*10 (192*168*202*10), 30 hops max, 38 byte packets 

1 192.168.201.1 (192*168*201*1) 1.086ms 1*124 ms 1.144ms 

2 192.168.202.10 (192.168.202.10) 2*295 ms 2.156 ms 2*209 ms 


tracert 192*168*202*20 (Windows) or traceroute 192.168.202.20 (Linux) 

traceroute to 192*168*202*20 (192*168*202*20), 30 hops max, 38 byte packets 

1 192*168*201 *1 (192,168. 201,1) 1,086ms 1*124 ms 1,144ms 

2 192*168*202*20 (192*168*202*20) 2*295 ms 2*156 ms 2.209ms 


From 192.168.202.10 computer fi.e. PC4) trace network communication path to other computers 

tracert 192*168*201*10 (Windows) or traceroute 192.168,201*10 (Linux) 

traceroute to 192.168.201.10 (192.168.201.10), 30 hops max, 38 byte packets 

1 192*168.202*1 (192*168*202*1) 1.086 ms 1*124 ms 1.144 ms 

2 192*168*201*10 (192*168*201*10) 2.295 ms 2,156 ms 2.209 ms 


tracert 192*168.201*20 (Windows) or traceroute 192.168.201*20 (Linux) 

traceroute to 192.168*201.20 (192*168*201*20), 30 hops max, 38 byte packets 

1 192*168*202*1 (192*168*202*1) 1*086 ms 1*124 ms 1.144 ms 

2 192.168.201*20 (192.168.201.20) 2.295 ms 2.156 ms 2.209 ms 
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LAB 2: UNDERSTANDING IPv6 NETWORK COMMUNICATION 


OBJECTIVE: 

To verify communication between same network and different network computers after assigning 
IPv6 Address and Default Gateway. 


TOPOLOGY: 

Setup Ethernet connectivity for the lab as below : 



1 

1 




Fa o/i 





PC-2 2001:11111:20/64 

PC-3 2001:11111:30/64 



Computer 

IP Address / Mask 

PC-4 

2001 :2222::1 0/64 

PC 5 2001:2222::20/G4 

PC-6 

2001:22221:30/64 


TASK: 

• Assigning IPv6 address to computers. 

• Verify communication between the same and different network computers. 

• Assigning Default Gateway address to computers. 

• Verify communication between the different network computers. 
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Assigning IPv6 Address to computers 
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On Windows 7 or Windows S.x or Windows 10 Computer 

• Open Network and Sharing Center 

• Click on Change adapter settings and Click Open. 

• Right-click on your local adapter and select Properties. 

• In the Local Area Connection Properties window select Internet Protocol Version 6 {TCP/IPv6) 

then click the Properties button. 

• Now select the radio button Use the following IPv6 address and enter in the IP address and Subnet 
prefix and click OK. 



• Verify above configured ip address by giving below command. 

C:\> ipconfig 

Windows IP Configuration 
Ethernet adapter Ethernet: 

Connection-specific DNS Suffix . : 

IPv6 Address : 2001:1111::10 

Link-local IPv6 Address : fe80::449d:6a9a:2c80:80dc%64 

Default Gateway : 

• Repeat the above steps to configure ip address on all windows based computers. 
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On Linux 


• Give below command to configure ip address 

bt ~ # ifconfig ethO inet6 add 2001 : 1111 :: 10/64 

• To verify the configured ipv6 address by giving below command. 

bt # ifconfig 

ethO : flags— 41 63<UF, BROADCAST, RUNNING, MULT I CAS T> mtu 1500 

inet6 2001 ; 1111 : ; 10 prefixlen 64 scopeid GxQ<global> 
ether 44 : 8a : 5b : d4 : 3 9 : 3c txqueuelen 1000 (Ethernet) 

RX packets 230 bytes 82110 (80/1 KiB) 

RX errors 0 dropped 0 overruns 0 frame 0 
TX packets 121 bytes 19549 (19.0 KiB) 

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 

lo: flags-73<UP, LOOPBACK, RUNNING> mtu 65536 
inet 127.0.0.1 netmask 255.0.0.0 
inet6 ::1 prefixlen 128 scopeid QxlO<host> 
loop txqueuelen 0 (Local Loopback) 

RX packets 0 bytes 0 (0*0 B) 

RX errors 0 dropped 0 overruns 0 frame 0 
TX packets 0 bytes 0 (0*0 B) 

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 

• Repeat the above steps to configure ip address on all linux based computers. 


Verify communication between the same and different network computers. 


From 2001:1111::10 computer fi.e. PCI) ping other computers 

ping 2001:1111::20 (Windows) or ping6 2001:111!::20 (Linux) 

PING 2001 :1111::20(2001:1 111: :20) 56 data bytes 
64 bytes from 2001:1111 ::20: icmp_seq=l ttl=64 time=0.494 ms 
64 bytes from 2001:1111::20: icmp_seq=2 ttl=64 time=0.361 ms 
64 bytes from 2001:1111::20: icmp_seq=3 ttl=64 time=0.335 ms 
64 bytes from 2001:1111::20: icmp_seq=4 ttl=64 time=0.336 ms 

ping 2001:1111::30 (Windows) or pingg 2001:1111::30 (Linux) 

PING 2001 :1111::30(20Q1: 1 111 ::30) 56 data bytes 
64 bytes from 2001:1111::30: icmp_seq=l ttl=64 time=0.494 ms 
64 bytes from 2001:1111::30: icmp_seq=2 ttl=64 time=0.361 ms 
64 bytes from 2001:1111::30: icmp_seq=3 ttl=64 time=0.335 ms 
64 bytes from 2001:1111: :30: icmp_seq=4 ttl=64 time=0.336 ms 

ping 2001:2222::10 (Windows) or ping6 2001:2222::10 (Linux) 

connect: Network is unreachable 


CCNA Lab Manual 


Page | 30 


www.zoomgroup.com 




ZOOIV 


TECHNOLOG IE 



From 2001:2222::10 computer fi.e. PC4) ping other computers 

ping 2001:2222::20 (Windows) or ping6 2001:2222::20 (Linux) 

PING 2001:2222::20(2001:2222::20) 56 data bytes 
64 bytes from 2001:2222::20: icmp_seq=l ttl=64 time=0.494 ms 
64 bytes from 2001:2222: ;20: icmp_seq=2 ttl=64 time=0.361 ms 
64 bytes from 2001:2222 :;20: icmp_seq=3 ttl=64 time=0.335 ms 
64 bytes from 2001:2222::20: icmp_seq=4 ttl=64 time-0.336 ms 

ping 2001;2222;:30 (Windows) or pingG 2001:2222::30 (Linux) 

PING 2001:2222::30(2001:2222::30) 56 data bytes 
64 bytes from 2001:2222::30: icmp_seq=l ttl=64 time=0.494 ms 
64 bytes from 2001:2222 ::30: icmp_$eq=2 ttl=64 time=0.361 ms 
64 bytes from 2001:2222 ::30: icmp_seq=3 ttl=64 time=0.335 ms 
64 bytes from 2001:2222::30: icmp_seq=4 tt I =64 time=0.336 ms 

ping 200l:llll::l0 (Windows) or ping6 2001:1111::10 (Linux) 

connect: Network is unreachable 


From 2001:1111::10 computer (i.e. PCI) trace network communication path to other computers 

tracert 2001 : 1111 :: 20 {Windows) or traceroute6 2001 : 1111 :: 20 (Linux) 

trace route to 2001:1111: :2G (2001:1111: :20) from 2001:1111: : 10, 30 hops max, 16 byte 
1 2001:1111: :2G {2001 : 1111 :: 20) 3005.56ms !H 3006.88ms !H 3005.99 


tracert 2001 : 1111 :: 30 (Windows) or traceroute6 2001 : 1111 :: 30 (Linux) 

trace route to 2001:1111: :30 (2001:1111: :30) from 2001:1111: :10, 30 hops max, 16 byte 
1 2001:1111: :30 (2001 : 11 1 1 : : 20 ) 3005.56ms !H 3006.88ms !H 3005.99 


From 20Q1;2222::10 computer (i.e. PC4) trace network communication path to other computers 

tracert 2001 : 2222 :: 20 (Windows) or traceroute6 2001 : 2222 :: 20 (Linux) 

traceroute to 2001 : 2222 :: 20 (2001 : 2222 :: 20 ) from 2001 : 2222 : : 10 , 30 hops max, 16 byte 
1 2001:2222: :20 (2001 : 2222 :: 20 ) 3005.56ms !H 3006.88ms in 3005.99 


tracert 2001 : 2222 :: 30 (Windows) or traceroute6 2001 : 2222 :: 30 (Linux) 

traceroute to 2001 : 2222 :: 30 (2001 : 2222 :: 30 ) from 2001 : 2222 r : 10 , 30 hops max, 16 byte 
1 2001:2222: :30 (2001 : 2222 :: 20 ) 3005.56ms !H 3006.88ms in 3005.99 
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Assigning Default Gateway address to computers 


On Windows 7 or Windows S.x or Windows 10 Computer 

• Open Network and Sharing Center 

• Click on Change adapter settings and Click Open. 

• Right-click on your local adapter and select Properties. 

• In the Local Area Connection Properties window select Internet Protocol Version 6 {TCP/!Pv6) 

then click the Properties button. 

• Now select the radio button Use the following IPv6 address and enter Default Gateway and click 
OK. 



• Verify above configured default gateway by giving below command. 
C:\> ipconfig 

Windows IP Configuration 
Ethernet adapter Ethernet: 

Connection-specific DNS Suffix . : 

IPv6 Address : 2001:1111::10 

Link-local IPv6 Address : fe80::449d:6a9a:2c80:80dc%64 

Default Gateway : 2001:1111::! 


• Repeat the above steps to configure default gateway on all windows based computers. 
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On Linux 


• Give below command to configure default gateway 

bt ~ # route -6 add default gw 2001:1111: :1 


• To verify the configure default gateway by giving below command. 


bt ~ # route -6 

Kerne 1 IPv6 routing table 


Destination 

Next Hop 

Flag 

Met 

Ref 

Use 

If 

: : 1/128 




Un 

0 

1 

0 

lo 

2001:1111: :/ 64 




U 

256 

0 

2 

ethO 

fe80: :466a:5bff: fed4 : 3899/128 




Un 

0 

1 

0 

lo 

fe30: : / 64 




U 

256 

0 

0 

ethO 

ffOO: : / 8 




U 

256 

0 

0 

e t h 0 

: :/0 

2001 : 1111 : : 1 

UG 

1 

0 

0 

ethO 


bt ^ # 


• Repeat the above steps to configure default gateway on all linux based computers. 


Verify communication between the different network computers. 


From 2001:1111::10 computer fi.e. PCI) ping other computers 

ping 200l:2222::l0 (Windows) or ping6 2001:2222-10 (Linux) 

PING 2001:2222:: 10(2001:2222:: 10) 56 data bytes 
64 bytes from 2001:2222::10: icmp_seq-l ttl=63 time=0.494 ms 
64 bytes from 2001:2222::10: icmp_seq=2 ttl=63 time=0.361 ms 
64 bytes from 2001:2222::10: icmp_seq=3 ttl=63 time=0.335 ms 
64 bytes from 2001:2222::10: icmp_seq-4 ttl=63 time=0.336 ms 


ping 2001:2222::20 (Windows) or ping6 2001:2222-20 (Linux) 

PING 2001:2222::20(2001:2222::20) 56 data bytes 
64 bytes from 2001:2222::20: icmp_seq=l ttl=63 time=0.494 ms 
64 bytes from 2001:2222::20: icmp_seq=2 ttl=63 tlme=0.361 ms 
64 bytes from 2001:2222::20: icmp_seq=3 ttl=63 time=0.335 ms 
64 bytes from 2001:2222::20: icmp_seq=4 ttl=63 time=0.336 ms 


ping 2001:2222::30 (Windows) or ping6 2001:2222-30 (Linux) 

PING 2001:2222::30(2001;2222::30) 56 data bytes 
64 bytes from 2001:2222::30: icmp_seq=l ttl=63 time=0.494 ms 
64 bytes from 2001:2222::30: icmp_seq=2 ttl— 63 time=0.361 ms 
64 bytes from 2001:2222::30: icmp_seq=3 ttl=63 time=0.335 ms 
64 bytes from 2001:2222::30: icmp_seq=4 ttl=63 time=0.336 ms 
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From 2001:2222::10 computer (i.e. PC4) ping other computers 

ping 2001:1111::10 (Windows) or ping6 2001: 1111:: 10 (Linux) 

PING 2001 :1111::10(2001:1 1 11 : : 10) 56 data bytes 
64 bytes from 2001:1111::10: icmp_seq=l ttl=63 time=0.494 ms 
64 bytes from 2001:1111:: 10: icmp_seq=2 ttl=63 time=0.361 ms 
64 bytes from 2001:1111:;10: icmp_seq=3 ttl=63 time=0.335 ms 
64 bytes from 2001:1111::10: icmp_seq=4 ttl=63 time=0.336 ms 

ping 2001;1111::20 (Windows) or pingG 2001:1111;:20 (Linux) 

PING 2001:1111::20(2001:1111::20) 56 data bytes 
64 bytes from 2001:1111::20: icmp_seq=l ttl=63 time=0.494 ms 
64 bytes from 2001:1111::20: icmp_$eq=2 ttl=63 time=0.361 ms 
64 bytes from 2001:1111::20: icmp_seq=3 ttl=63 t1me=0.335 ms 
64 bytes from 2001:1111::20: icmp_seq=4 ttl=63 time=0.336 ms 


ping 2001:1111::30 (Windows) or ping6 2001:1111::30 (Linux) 

PING 2001 :llll::30(200l:l 111 ::30) 56 data bytes 
64 bytes from 2001:1111::30: icmp_seq=l ttl=63 time=0.494 ms 
64 bytes from 2001:1111::30: icmp_seq=2 ttl=63 tfme=0.361 ms 
64 bytes from 2001:1 111 ::30: icmp_seq=3 ttl=63 time=0.335 ms 
64 bytes from 2001:1 11 1::30: icmp_seq=4 ttl=63 time=0.336 ms 

From 2001:1111::10 computer (i.e. PCI) trace network communication path to other computers 

tracert 2001 : 2222 ;; 10 {Windows) or traceroute6 2001 : 2222 :: 10 (Linux) 

traceroute to 2001 : 2222 :: 10 (2001 : 2222 :: 10 ) from 2001:1111: :10, 30 hops max, 16 byte 

1 2001:1111: : 1 (2001:1111::!) 1,12 ms 1.012 ms 1,039 ms 

2 2001 :2222: : 1 0 (2001 : 2222 :: 1 0 ) 1.111 ms 0,884 ms 0,861 ms 


tracert 2001 : 2222 :: 20 (Windows) or traceroute6 2001 : 2222 :: 20 (Linux) 

traceroute to 2001 : 2222 :: 20 (2001:2222 : :20) from 2001 : 1 111 : : 10, 30 hops max, 16 byte 

1 2001:1111: : 1 (2001:1111::!) 1,12ms 1,012 ms 1,039ms 

2 2001:2222: :20 (2001:2222:10) 1.111 ms 0.884 ms 0.861 ms 


From 2001:2222;:10 computer (i.e. PC4) trace network communication path to other computers 

tracert 2001 : 1111 :: 10 (Windows) or traceroute6 2001 : 1111 :: 10 (Linux) 

traceroute to 2001 : 111 1 : : 10 (2001 : 1111 :: 10) from 2001 : 2222 :: 10, 30 hops max, 16 byte 

1 2001:2222::! (2001:2222::!) 1,12ms 1,012ms 1,039ms 

2 2001:1111: :10 (2001 : 11 11 : : 10 ) 1.111 ms 0,884 ms 0.861 ms 


tracert 2001 : 1111 :: 20 (Windows) or traceroute€ 2001 : 1111 :: 20 (Linux) 

traceroute to 2001:1111: :20 (2001:1111: :20) from 2001:2222: :10, 30 hops max, 16 byte 

1 2001:2222::! (2001:2222 :: 1) 1,12 ms 1.012 ms 1.039 ms 

2 2001:1111: :20 (2001:1111:10) 1,111 ms 0,884 ms 0,861 ms 
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LAB 3: INITIAL CONFIGURATION OF ROUTER - IPv4 NETWORK 


OBJECTIVE: 

To get familiarized with Cisco IOS modes and configure a new Router with basic configuration i.e. 
assign IPv4 address on the interfaces and configure passwords etc. 

TOPOLOGY: 

Setup Console and Ethernet connectivity for the lab as below : 


Console 



N 


FO/O V 

192.168. 202.l/24 N 




IW'V. 




\ 

\ 

I 

1 

/ 


/ 


/ 



✓ 



Computer IP Address 
192.168.202.10/24 


TASK: 

• Establish console connectivity 

• Access router via console with an emulation software 

• Get to know Cisco IOS Modes and Show commands 

• Configure Hostname and Interface IP address 

• Configure Connectivity Passwords 

• Configure Privilege Mode / Enable Password 

• Verify configuration in RAM and NVRAM 

• Saving configuration to the router 

• Access the router via Telnet 
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Establish console connectivity 


Establish console connectivity by connecting Router console port to PC Com Port with console cable 
as shown in the picture below: 



Access router via console with an emulation software 


Configure the following parameters In emulation software for accessing router via console port. 



Data bits 8 


Parity 

None 

Stop bits 

1 
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Accessing router via console from Microsoft Windows Computer 

• Start a terminal emulator application, such as PUTTY.exe 

• Select Serial option and set speed to 9600. 

• Click Open 



• Once emulation software is ready, Power-ON the Router. 


Accessing router via console from Linux Computer 

• From the terminal enter the below command 

# minicom -s 


lh«H ■ IK avi *#• 9 7^ 
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• Select Serial port Setup and press enter 


*■ 1 conf tgii ration I + 

| Filenames and paths | 

| rile transfer protocols j 

j i 

[ Modem and dialing 
[ Screen and keyboard 
| Save setup as dfl 
| save setup as,. 

| Exit 

[ Exit from Minicom 



• It will display default COM Port Settings. 



u > 


J S hall Kan i-ais 


kn mriid ixLiSS 


Kanqur-c-- 



mm 15:20 
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Specify COM Port where console cable is connected by pressing "a" and use backspace to delete 


"1" and add "0". 



u j <• 


lh i ll 


K.*ni bI-i 


Cj 


2 fB fcj ' ;l 


15:33 


Change the Bps Setting to 9600 by pressing "e" and select the alphabet matching to 


speed "9600''. 


IFmII - Ev-nimh 


-■‘-[Comm Parameters]----' 


A 

Serial j 

Current : 

9690 tmi 


B 

’ Lockfile L| 





C 

Callin P| 


Speed 

Parity 

Data 

0 

- Callout P| 





E 

- Bps/Par j 

A: 

300 

Li Hone 

S: 5 

F 

- Hardware F j 

B: 

1260 

H t Even 

T: 6 

c 

■ Software F j 

Ci 

2469 

II i Odd 

Ui 7 


1 

D: 

4000 

Ot Ma rlk 

V; B 


Change whic | 

E; 

9600 

Pi Space 


— 

| 

F: 

19200 


Stopbit 


| Screen] 

C: 

38400 


W: 1 


| Save s | 

H: 

57600 


X: 2 


| Save s | 

I: 

115209 

Qi S-N-l 



| Exit ! 

J : 

236400 

Rf 7-E-l 



Exit f| 






1 

Ch 

oice, or 

<Ertter> to exit? | 



* 
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Change the Hardware Flow Control option to No by pressing "F". 






' ‘jh til H*niDl« 




I5:3M 


• Select Save Setup as dfl option. 




Ihcll fcf-nsc-l 


+- — - f configuration] - — - - + 
| Filenames and paths ( 

j File transfer protocols j 
j Serial port setup 
j Modem end dialing 
screen and keyboard 


Save setup as . . 
Exit 

Exit from Nifiicoa 



y ■* ■& -j 


ril ih til 


IL»ni.nln 


j ro 
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• Select "Exit" option. 



yj fe It ■ r " 4ann *™ ^ k — ■- _ j< J J ■< 15:35 

• Once emulation software is ready, Power-ON the Router. 


Get to know Cisco IOS Modes and Show commands 


After the Router boots-up completely, (on a new Cisco Router) it enters setup mode as below: 


— System Configuration Dialog 

Would you like to enter the initial configuration dialog? [yes/no]: no 
Would you like to terminate autoinstall? [yes]: yes 


If you choose "Yes", IOS will prompt questions to gather the information to configure the Router, it is 
recommended to choose "no", since we can configure the Router using IOS commands 


Router > 


To navigate into Privilege mode/Executive Mode from User Mode and Vice-Versa 

Router>enable 

Router# 


Router# disable 
Router > 
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To view router IOS and hardware information 
Router # show version 

Cisco IOS Software, 2800 Software (C2800N M-ADVE NTE RPRISEK9-M ), Version 15.1) 
Technical Support: http://www.cisco.com/techsupport 
Copyright (c) 1986-2015 by Cisco Systems, Inc. 

Compiled Tue 24-Mar-15 09:00 by prod_rel_team 

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fcl) 

Router uptime is 56 minutes 

System returned to ROM by reload at 08:19:55 UTC Sat Jul 9 2016 
System image file is "flash:c2800nm-adventerpri$ek9-mz, 151-4.M10.bin" 

Last reload type: Normal Reload 

This product contains cryptographic features and is subject to United 
States and local country laws governing import, export, transfer and 
use. Delivery of Cisco cryptographic products does not imply 
third-party authority to import, export, distribute or use encryption. 

Importers, exporters, distributors and users are responsible for 
compliance with U.S. and local country laws. By using this product you 
agree to comply with applicable laws and regulations. If you are unable 
to comply with U.S. and local laws, return this product immediately. 

A summary of U.S. laws governing Cisco cryptographic products may be fou: 
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html 

If you require further assistance please contact us by sending email to 
export@cisco.com. 

Cisco 2811 (revision 1.0) with 249856K/12288K bytes of memory. 

Processor board ID FHK1109F34X 
2 FastEthernet interfaces 
2 Serial(sync/async) interfaces 
1 Virtual Private Network (VPN) Module 
DRAM configuration is 64 bits wide with parity enabled. 

239K bytes of non-volatile configuration memory. 

125440K bytes of ATA CompactFlash (Read/Write) 

License Info: 

License UDI: 


Device# PID SN 


*0 CISC02811 FHK1109F34X 

Configuration register is 0x2102 


Router# 
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To view router flash Information 

Router # show flash 

-# — length date/time path 

1 1 Jan 1 2016 13:54:52 +00:00 redirect. out 

2 67926080 Sep 5 2015 14:59:38 +00:00 c2800nm-adventerprisek9-mz,151n 


60235776 bytes available (67932160 bytes used) 


To view router current configuration (RAM) 

Router # show running-config 

Current configuration : 1010 bytes 

i 

v 

version 15.1 

service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 
! 

hostname Router 
! 

boot-start-marker 

boot-end-marker 

! 

no aaa new-model! 
dotll sysiog 
ip source-route! 
ip cef 

i 

a- 

no ipv6 cef 

i 

a 

multilink bundle-name authenticated! 

i 

a 

crypto pki token default removal timeout 0 

i 

a- 

license udi pid CISC02811 sn FHK1109F34X 

i 

a 

redundancy 

i 

a 

interface FastEthernetO/O 
no ip address 
shutdown 
duplex auto 
speed auto 

i 

a 

interface FastEthernetO/1 
no ip address 
shutdown 
duplex auto 
speed auto 

i 

9' 
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interface Seri a 10/0/0 
no ip address 
shutdown 
no fair-queue 


interface Seri a 10/0/1 
no ip address 
shutdown 


ip forward-protocol nd 

no ip http server 

no ip http secure-server 


control-plane 


mgcp profile default 

line con 0 

line aux 0 

line vty 0 4 

login 

transport input all 

I 

scheduler allocate 20000 1000 
end 

Router# 


To view router startup configuration (NVRAM) 

Router# show startup-config 

startup-config is not present 

To navigate into Global Configuration Mode 

Router # configure terminal 
Router (config) # 

Configure Hostname and Interface IP address 

To change the Host Name of Router 

Router (config) # hostname HYD-1 
HYD-l (config) # 

To configure IP address on Ethernet Interface (LAN interface) 

HYD-l (config) # interface Fastethernet 0/0 
HYD-1 (config if) # ip address 192.168.202.1 255.255.255.0 
HYD-l (config-if) # no shutdown 
HYD-1 (config-if) # exit 
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Configure Connectivity Passwords 

To configure telnet password 

HYD-1 (config) # line vty 0 4 
HYD-1 (config-line) ft password zoom 
HYD-1 (config-line) # login 
HYD-1 (config-line) # exit 

To configure console password 

HYD-1 (config) # line console 0 
HYD-1 (config-line) tf password ccna 
HYD-1 (config-line) # login 
HYD-1 (config-line) # exit 

To configure auxiliary password 

HYD-1 (config) # line aux 0 
HYD-1 (config-line) # password cisco 
HYD-1 (config-line) # login 
HYD-1 (config-line) # exit 

Configure Privilege Mode / Enable Password 


Configure privilege password 

HYD-1 (config) # enable password ccna 
HYD-1 (config) # enable secret zoom 

Verify configuration in RAM and NVRAM 


To View Router Current Configuration (RAM) 
HYD-1 # show running-config 

Current configuration : 1241 bytes 


Last configuration change at 08:37:39 UTC Sat Jul 9 2016 
version 15,1 

service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 


hostname HYD-1 


boot-start-marker 

boot-end-marker 
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enable secret 5 $l$DMgk$ITC7TUZVwFn5969wEB2mw. 
enable password ccna 


no aaa new-model 


dotll syslog 
ip source-route 


ip cef 


no ipv6 cef 


multilink bundle-name authenticated 
crypto pki token default removal timeout 0 
! 

license udi pid CISC02811 sn FHK1109F34X 


redundancy 

! 

interface FastEthernetO/O 

ip address 192.168.202.1 255.255.255.0 

duplex auto 

speed auto 


interface FastEthernetO/1 
no ip address 
shutdown 
duplex auto 
speed auto 


interface Seri a 10/0/0 
no ip address 
shutdown 
no fair-queue 


interface Seri a 10/0/1 
no ip address 
shutdown 


ip forward-protocol nd 
no ip http server 
no ip http secure-server! 
control-plane 


mgcp profile default 
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line con 0 
password ccna 
login 

line aux 0 
password cisco 
login 

line vty 0 4 
password zoom 
login 

transport input all 


scheduler allocate 20000 1000 
end 

To View Router Startup Configuration (NVRAM) 

HYD-1 # show startup-config 

startup-config is not present 

Saving configuration to the router 

To save configuration on router 

HYD-1 # write memory 

Destination filename [startup-config]? 

Building configuration... 

[OK] 

HYD-1# 

To view router startup configuration (NVRAM) 
HYD-1 # show startup-config 

Current configuration : 1241 bytes 


Last configuration change at 08:40:39 UTC Sat Jul 9 2016 
version 15.1 

service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 


hostname HYD-1 


boot-sta rt-m a rke r 
boot-end-marker 
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enable secret 5 $l$DMgk$ITC7TUZVwFn5969wEB2mw. 
enable password ccna 


no aaa new-model 


dotll syslog 
ip source-route 


ip cef 


no ipv6 cef 


multilink bundle-name authenticated 
crypto pki token default removal timeout 0 


license udi pid CISC02811 sn FHK1109F34X 
! 

redundancy 

! 

interface FastEthernetO/O 

ip address 192.168.202.1 255.255.255.0 

duplex auto 

speed auto 


interface FastEthernetO/1 
no ip address 
shutdown 
duplex auto 
speed auto 


interface Serial0/0/0 
no ip address 
shutdown 
no fair-queue 


interface Seri a 10/0/1 
no ip address 
shutdown 


ip forward-protocol nd 
no ip http server 
no ip http secure-server! 
control-plane 


mgcp profile default! 


line con 0 
password ccna 
login 
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line aux 0 
password cisco 
login 

line vty 0 4 
password zoom 
login 

transport input all 

i 

P 

scheduler allocate 20000 1000 
end 

Access the router via Telnet 

• Accessing router via telnet by giving below command on a Windows or Linux computer, 

telnet 192.168.202.1 
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LAB 4: INITIAL CONFIGURATION OF ROUTER - IPv6 NETWORK 


OBJECTIVE: 

To get familiarized with Cisco IOS modes and configure a new Router with basic configuration i.e. 
assign IPv6 address on the interfaces and configure passwords etc. 


TOPOLOGY: 

Setup Console and Ethernet connectivity for the lab as below : 


Console 




F0/0 N 

2001:llll::l/64 


\ 


I 



Computer IP Address 
2001:llll:;10/64 


TASK: 

• Establish console connectivity 

• Access router via console with an emulation software 

• Get to know Cisco IOS Modes and Show commands 

• Configure Hostname and Interface IP address 

• Configure Connectivity Passwords 

• Configure Privilege Mode / Enable Password 

• Verify configuration in RAM and NVRAM 

• Saving configuration to the router 

• Access the router via Telnet 
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Establish console connectivity 

Refer page no. 36 for how to establish console connectivity. 

Access router via console with an emulation software 

Refer page no. 36 for accessing Router via console port . 

Get to know Cisco IQS Modes and Show commands 

After the Router boots-up completely, (on a new Cisco Router) it enters setup mode as below: 

— System Configuration Dialog — 

Would you like to enter the initial configuration dialog? [yes/no]: no 
Would you like to terminate autoinstall? [yes]: yes 

If you choose "Yes", IOS will prompt questions to gather the information to configure the Router, it is 
recommended to choose "no", since we can configure the Router using IOS commands 


Router > 


To navigate into Privilege mode/Executive Mode from User Mode and Vice-Versa 

Router>enable 
Router # 

Router# disable 
Router > 

To view router 105 and hardware information 
Router # show version 

Cisco IOS Software, 2800 Software {C2800NM-ADVENTERPRISEK9-M), Version 15.1) 
Technical Support: http://www.cisco.com/techsupport 
Copyright (c) 1986-2015 by Cisco Systems, Inc, 

Compiled Tue 24-Mar-15 09:00 by prod_rel_team 

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fcl) 

Router uptime is 56 minutes 

System returned to ROM by reload at 08:19:55 UTC Sat Jul 9 2016 
System image file is "flash:c2800nm-adventerprisek9-mz, 151-4.M10.bin" 

Last reload type: Normal Reload 
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This product contains cryptographic features and is subject to United 
States and local country laws governing import, export, transfer and 
use. Delivery of Cisco cryptographic products does not imply 
third-party authority to import, export, distribute or use encryption. 
Importers, exporters, distributors and users are responsible for 
compliance with U.S. and local country laws. By using this product you 
agree to comply with applicable laws and regulations. If you are unable 
to comply with U.S. and local laws, return this product immediately. 

A summary of U.S. laws governing Cisco cryptographic products may be fou: 
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html 


If you require further assistance please contact us by sending email to 
export@cisco.com. 

Cisco 2811 (revision 1.0) with 249856K/12288K bytes of memory. 

Processor board ID FHK1109F34X 

2 FastEthernet interfaces 

2 Serial(sync/async) interfaces 

1 Virtual Private Network (VPN) Module 

DRAM configuration is 64 bits wide with parity enabled. 

239K bytes of non-volatile configuration memory. 

125440K bytes of AT A CompactFlash (Read/Write) 

License Info: 

License UDI: 


Device# PID SN 

*0 CISC02811 FHK1109F34X 

Configuration register is 0x2102 
Router# 


To view router flash Information 

Router # show flash 

-# — length date/time path 

1 1 Jan 1 2016 13:54:52 +00:00 redirect.out 

2 67926080 Sep 5 2015 14:59:38 +00:00 c2800nm-adventerprisek9-mz.l51n 


60235776 bytes available (67932160 bytes used) 
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To view router current configuration (RAM) 

Router # show running-config 

Current configuration : 1010 bytes 


version 15.1 

service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 


hostname Router 


boot-start-marker 

boot-end-marker 


no aaa new-model! 
dotll syslog 
ip source-route! 
ip cef 


no ipv6 cef 
! 

multilink bundle-name authenticated! 

! 

crypto pki token default removal timeout 0 


license udi pid CISC02811 sn FHK1109F34X 


redundancy 


interface FastEthernetO/O 
no ip address 
shutdown 
duplex auto 
speed auto 


interface FastEthernetO/1 
no ip address 
shutdown 
duplex auto 
speed auto 


interface Seria 10/0/0 
no ip address 
shutdown 
no fair-queue 


interface Seria 10/0/1 
no ip address 
shutdown 


ip forward-protocol nd 
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no ip http server 

no ip http secu re-server 


control-plane 


mgcp profile default 

line con 0 

line aux 0 

line vty 0 4 

login 

transport input all 


scheduler allocate 20000 1000 
end 

Router# 


To view router startup configuration (NVRAM) 

Router# show startup-config 

startup-config is not present 

To navigate into Global Configuration Mode 

Router # configure terminal 
Router (config) # 

Configure Hostname and Interface IPv6 address 

To change the Host Name of Router 

Router (config) # hostname HYD-1 
HYD-1 (config) # 

To configure IPv6 address on Ethernet Interface (LAN interface) 

HYD-1 (config) # interface Fastethernet 0/0 
HYD-1 (config-if) # ipv6 address 2001:llll::l/64 
HYD-1 (config-if) # no shutdown 
HYD-1 (config-if) # exit 

Configure Connectivity Passwords 

To configure telnet password 

HYD-1 (config) # line vty 0 4 
HYD-1 (config-line} # password zoom 
HYD-1 (config-line) # login 
HYD-1 (config-line) # exit 
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To configure console password 

HYD-1 (config) # line console 0 
HYD-1 (config-line) # password ccna 
HYD-1 (config-line) # login 
HYD-1 (config-line) # exit 

To configure auxiliary password 

HYD-1 (config) # line aux 0 
HYD-1 (config-line) ft password cisco 
HYD-1 (config-line) ft login 
HYD-1 (config-line) ft exit 

Configure Privilege Mode / Enable Password 


Configure privilege password 

HYD-1 (config) # enable password ccna 
HYD-1 (config) # enable secret zoom 

Verify configuration in RAM and NVRAM 


To View Router Current Configuration (RAM) 
HYD-1 # show running-config 

Current configuration : 1241 bytes 


Last configuration change at 08:37:39 UTC Sat Jul 9 2016 
version 15.1 

service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 


hostname HYD-1 


boot-start-marker 

boot-end-marker 


enable secret 5 $l$DMgk$ITC7TUZVwFn5969wEB2mw. 
enable password ccna 


no aaa new-model 


dotll sysilog 
ip source-route 


ip cef 


CCNA Lab Manual 


Page 


55 


www.zoomgroup.com 




ZOOM 


TECHNOLOGIE 



multilink bundle-name authenticated 
crypto pki token default removal timeout 0 

■ 

license udi pid CISC02811 sn FHK1109F34X 

i 

■> 

redundancy 

i 

V 

interface FastEthernetO/O 

ip address ipv6 address 2001:llll::l/64 

duplex auto 

speed auto 

! 

V 

interface FastEtherneto/l 
no ip address 
shutdown 
duplex auto 
speed auto 

! 

interface Seria 10/0/0 
no ip address 
shutdown 
no fair-queue 
clock rate 2000000 

! 

interface Seria 10/0/1 
no ip address 
shutdown 
clock rate 2000000 

i 

rt 

ip forward-protocol nd 
no ip http server 
no ip http secure-server! 
control-plane 

i 

a- 

mgcp profile default 

i 

■ 

line con 0 
password ccna 
login 

line aux 0 
password cisco 
login 

line vty 0 4 
password zoom 
login 

transport input all 


scheduler allocate 20000 1000 
end 
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To View Router Startup Configuration (NVRAM) 

HYD-1 # show startup-config 
startup-config is not present 

Saving configuration to the router 

To save configuration on router 

HYD-1 # copy running-config startup-config 

Destination filename [startup-config]? 

Building configuration... 

[OK] 

HYD-1# 

To view router startup configuration (NVRAM) 
HYD-1 # show startup-config 

Current configuration : 1241 bytes 


Last configuration change at 08:40:39 UTC Sat Jul 9 2016 
version 15.1 

service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 


hostname HYD-1 


boot-start-marker 

boot-end-marker 


enable secret 5 $l$DMgk$!TC7TUZVwFn5969wEB2mw. 
enable password ccna 


no aaa new-model 


dotll syslog 
ip source-route 


ip cef 


no ipv6 cef 
! 

multilink bundle-name authenticated 
crypto pki token default removal timeout 0 
! 
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license udi pid CISC02811 sn FHK1109F34X 


redundancy 


interface FastEthernetO/O 

ip address ipv6 address 2001:llll::l/64 

duplex auto 

speed auto 


interface FastEthernetO/1 
no ip address 
shutdown 
duplex auto 
speed auto 


interface SerialO/O/O 
no ip address 
shutdown 
no fair-queue 
clock rate 2000000 


interface Serial0/0/l 
no ip address 
shutdown 
clock rate 2000000 


ip forward-protocol nd 
no ip http server 
no ip http secure-server! 
control-plane 


mgcp profile default! 

i 


line con 0 
password ccna 
login 

line aux 0 
password cisco 
login 

line vty 0 4 
password zoom 
login 

transport input all 


scheduler allocate 20000 1000 
end 
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• Accessing router via telnet by giving below command on a Windows or Linux computer. 

telnet 2001;1111;;1 
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OBJECTIVE: 

To enhance router security by encrypting all passwords, configure banners, exec-timeouts on router. 

TOPOLOGY: 

Setup Ethernet connectivity for the lab as below : 


^HYD-1* 


F0/0 

192.168.202.1/24 




Switch 



Computer IP Address 
192.168.202.10/24 


Pre-requisite: Initial configuration to be done on the router (LAB - 3) 


TASKS: 

• Access router via Telnet 

• Encrypt all cleartext passwords on the router. 

• Configure Warning Banner 

• Configure unattended (idle-timeout) session timeout for VTY access 
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• Access router via telnet by giving below command on a Windows or Linux computer. 

telnet 192.168.202.1 



Encrypt all clear text passwords on the router 


Verify router's existing configuration 

All password are in clear text except enable secret password 

HYD-1 # sh running-config 
Current configuration : 1241 bytes 

i 

i- 

Last configuration change at 08:37:39 UTC Sat Jul 9 2016 
version 15.1 

service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 

i 

i- 

hostname HYD-1 

i 

■ 

boot-start-marker 

boot-end-marker 

i 

■ 

enable secret 5 $l$DMgk$ITC7TUZVwFn5969wEB2mw. 
enable password ccna 

i 

i 

no aaa new-model 

i 

i 

dotll syslog 
ip source-route 

i 

■ 

ip cef 
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multilink bundle-name authenticated 
crypto pki token default removal timeout 0 


license udi pid CISC02811 sn FHK1109F34X 


redundancy 


interface FastEthernetO/Q 

ip address 192.168.202.1 255.255.255.0 

duplex auto 

speed auto 


interface FastEthernetO/1 
no ip address 
shutdown 
duplex auto 
speed auto 

! 

interface Seria 10/0/0 
no ip address 
shutdown 
no fair-queue 


interface SerialO/O/1 
no ip address 
shutdown 


ip forward-protocol nd 
no ip http server 
no ip http secure-server! 
control-plane 

i 


mgcp profile default 


line con 0 
password ccna 
login 

line aux 0 
password cisco 
login 

line vty 0 4 
password zoom 
login 

transport input all 


scheduler allocate 20000 1000 
end 

HYD-1# 
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Encrypt all clear text passwords 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z 
HYD-1 (config) # service password-encryption 
HYD-1 (config) # end 

Verification: 

Now previously visible passwords are encrypted 

HYD-1 ft sh running-config 

Building configuration... 

Current configuration : 1241 bytes 


Last configuration change at 08:37:39 UTC Sat Jul 9 2016 
version 15.1 

service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 
! 

hostname HYD-1 
! 

boot-start-marker 

boot-end-marker 


enable secret 5 $l$DMgk$ITC7TUZVwFn5969wEB2mw. 
enable password 7 045802150C2E 


no aaa new-model 


dotll syslog 
ip source-route 


ip cef 


multilink bundle-name authenticated 
crypto pki token default removal timeout 0 


license udi pid CISC02811 sn FHK1109F34X 


redundancy 


interface FastEthernetO/O 

ip address 192.168.202.1 255.255.255.0 

duplex auto 

speed auto 


interface FastEthernetO/1 
no ip address 
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shutdown 
duplex auto 
speed auto 

i 

■ 

interface SerialO/O/Q 
no ip address 
shutdown 
no fair-queue 

i 

w 

interface SerialO/O/1 
no ip address 
shutdown 

! 

■■ 

Ip forward-protocol nd 
no ip http server 
no ip http secure-server! 
control-plane 
! 

mgcp profile default 
! 

line con 0 

password 7 14141 1050D 
login 

line aux 0 

password 7 030752180500 
login 

line vty 0 4 

password 7 0109090B56 
login 

transport input all 

i 

a- 

scheduler allocate 20000 1000 
end 

HYD-1 # 

Configure Warning Banner 

Configure a warning message to display prior to login. 

HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-1 (config) tt banner motd $ 

Enter TEXT message. End with the character 


UNAUTHORISED ACCESS STRICTLY PROHIBITED AND 
PROSECUTED TO THE FULL EXTENT OF THE LAW 

=======================================================================$ 
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Now open a new telnet session from your computer to the router to verify the banner configured, 
i.e. telnet 192.168.202.1 



Configure unattended (idle-timeout) session timeout for VTY access 

By default unattended session time-out is 10 minutes, We reducing the unattended session timeout 
to 1 minute 00 seconds. 

HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # line vty 0 4 

HYD-1 (config-line) # exec-timeout 1 00 

HYD-1 (config-line) # end 


Verification: 

Now open a new telnet session from your computer to the router (get into privilege mode) and leave 
the session open without performing any action or modification for 1 minute. Session will be 
automatically disconnected after the session time-out has been reached. 
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LAB 6: WAN CONFIGURATION - SERIAL INTERFACE (IPv4) 


OBJECTIVE: 

To configure and troubleshoot a Serial Interface. 


TOPOLOGY: 

Setup Ethernet and Serial connectivity for the lab as below : 




5 0/1 

172,180.2 


Fa 0/0 
192.168,201.1 



SO 
172.16,0,1 





S 0/0/1 
172.16.0.2 



S 0/0/0 
172,17.0.1 

Fa 0/0 

192.168.202.1 



Fa 0/0 

192.168.201.0/24 



S 0/0 

172.16.0.0/16 


S 0/1 

172,18,0,0/16 

Fa 0/0 

132,168.202,0/24 



5 0/0/0 

172.17,0.0/16 



S 0/0/1 

172.16.0.0/16 


5 0/0 
172.18.0.1 



SO/1 
172.17.0.2 


Fa 0/0 

192.168.203.1 



Fa 0/0 
S 0/0 
S 0/1 


T 

L 






H 


192.168.203.0/24 

172.18.0. 0/16 

172.17.0. 0/16 


TASK: 

• Identify Serial Interface as DCE or DTE 

• Configure Serial Interface 

• Verify Serial Interface Configuration 

• Troubleshooting Serial Interface 
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Identify Serial Interface as DCE or DTE 

Example - HYD-1 

Identify DCE / DTE interface on HYD-1 

HYD-1 # show controllers serial 0/0/0 
Interface Serial0/0/0 
Hardware is GT96K 
DTE V.35 

idb at 0x48C78680, driver data structure at 0x48C7FC80 
wic info 0x48C802AC 
Physical Port 1, SCC Nunn 1 
! 

<output omitted> 


HYD-1 # show controllers serial 0/0/1 

Interface SerialO/O/1 
Hardware is GT96K 
DCE V.35, no clock 

idb at 0x48C82750, driver data structure at 0x48C89F94 
wicjnfo 0x48C8A5C0 
Physical Port 0, SCC Num 0 


coutput omitted> 


Verify Serial Interface existing status 

HYD-1 # show interface serial 0/0/0 
Serial0/0/0 is administratively down, line protocol is down 
Hardware is GT96K Serial 

MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation HDLC, loopback not set 
Keepalive set {10 sec) 


coutput omitted> 


HYD-1 # show interface serial 0/0/1 
Serial0/0/l is administratively down, line protocol is down 
Hardware is GT96K Serial 

MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation HDLC, loopback not set 
Keepalive set {10 sec) 


coutput omitted> 


CCNA Lab Manual 


Page | 67 


www.zoomgroup.com 




ZOOM 


TECHNOLOGIE 



Verify HYD-l's existing configuration 

HYD-1 # show running-config 

Building configuration.., 

Current configuration : 1210 bytes 
hostname HYD-1 


coutput omitted> 


interface FastEthernetO/O 
ip address 192.168.202.1 255.255.255.0 
duplex auto 
speed auto 


interface FastEthernetO/1 
no ip address 
shutdown 
duplex auto 
speed auto 


interface Serial0/0/0 
no ip address 
shutdown 


interface Serial0/0/l 
no ip address 
shutdown 


coutput omitted> 


end 

HYD-1# 


Repeat the above commands on CHE and BAN routers. 


Configure Serial Interface 

CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

CHE (config)# interface serial 0/0 

CHE {config-if)# ip address 172.16.0.1 255.255.0.0 

CHE {config-if)# no shutdown 

CHE (config-if)# clock rate 64000 

CHE (config-if)# encapsulation hdlc 

CHE (config-if)# exit 

CHE (config)# 


CCNA Lab Manual 


Page 


68 


www.zoomgroup.com 



ZOOM 

TECHNOLOGIES 



CHE (config)# interface serial 0/1 

CHE {config-if)# ip address 172.18.0.2 255.255.0.0 

CHE (config-if)# no shutdown 

CHE (config-if)# encapsulation hdlc 

CHE (config-if)# exit 

CHE (config)# exit 


HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config)# interface serial 0/0/0 

HYD-1 (config-if)# ip address 172.17.0.1 255.255.0.0 

HYD-1 (config-if)# no shutdown 

HYD-1 (config-if)# clock rate 64000 

HYD-1 (config-if)# encapsulation hdlc 

HYD-1 (config-if)# exit 

HYD-1 (config)# 

HYD-1 (config)# interface serial 0/0/1 

HYD-1 (config-if)# ip address 172.16.0.2 255.255.0.0 

HYD-1 (config-if)# no shutdown 

HYD-1 (config-if)# encapsulation hdlc 

HYD-1 (config-if)# exit 

HYD-1 (config)# exit 


BAN - Configuration 
BAN # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

BAN (config)# interface serial 0/0 

BAN (config-if)# ip address 172.18.0.1 255.255.0.0 

BAN (config-if)# no shutdown 

BAN (config-if)# clock rate 64000 

BAN (config-if)# encapsulation hdlc 

BAN (config-if)# exit 

BAN (config)# 

BAN (config)# interface serial 0/1 

BAN (config-if)# ip address 172.17.0.2 255.255.0.0 

BAN (config-if)# no shutdown 

BAN (config-if)# encapsulation hdlc 

BAN (config-if)# exit 

BAN (config)# exit 


CCNA Lab Manual 


Page | 69 


www.zoomgroup.com 


ZOOM 

TECHNOLOGIES 



Verify Serial Interface Configuration 


CHE - Verification 

CHE # show interface serial 0/0 

SerialO/O is up, line protocol is up 
Hardware is PowerQUICC Serial 
Internet address is 172.16.0.1/16 
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation HDLC, loopback not set 
Keepalive set (10 sec) 

i 

■p 

coutput omitted> 

i 

•p 

CHE# show interface serial 0/1 

SerialO/1 is up, line protocol is up 
Hardware is PowerQUICC Serial 
Internet address is 172.18.0.2/16 
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation HDLC, loopback not set 
Keepalive set {10 sec) 

i 

■p 

coutput omitted> 

i 


HYD-1 - Verification: 


HYD-1 # show interface serial 0/0/0 
SerialQ/0/0 is up, line protocol is up 
Hardware is GT96K Serial 
Internet address is 172.17.0.1/16 
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation HDLC, loopback not set 
Keepalive set {10 sec) 

i 

-v 

coutput omitted> 

HYD-1 # show interface serial 0/0/1 
Serial0/0/l is up, line protocol is up 
Hardware is GT96K Serial 
Internet address is 172.16.0.2/16 
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation HDLC, loopback not set 
Keepalive set (10 sec) 

l 

■P 

coutput omitted> 
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BAN - Verification: 


BAN # show interface serial 0/0 

SerialO/O is up, line protocol is up 
Hardware is PowerQUICC Serial 
Internet address is 172.18.0.1/16 
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation HDLC, loopback not set 
Keepalive set {10 sec) 

! 

coutput omitted> 

i 

h 


BAN # show interface serial 0/1 

SerialO/l is up, line protocol is up 
Hardware is PowerQUICC Serial 
Internet address is 172.17.0.2/16 
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation HDLC, loopback not set 
Keepalive set {10 sec) 

i 

coutput omitted> 

i 

•i 

Troubleshooting Serial Interface 


From the output, the first line indicates the status of the Serial interface. There are 4 possible states: 

1. Serial 0/0 is up , line protocol is up 

Layer 1 and Layer 2 Connectivity and configuration is fine 

2. Serial 0/0 is administratively down, line protocol is down 

'No Shutdown' has to be given on the local Router's Serial interface 

3. Serial 0/0 is up, line protocol is down 

Encapsulation mismatch or clock rate has not been given on the DCE interface or Lease Line 
problem 

4. Serial 0/0 is down, line protocol is down 

Problem with the v.35 cable, CSU/DSU or 'no shutdown' has not been given on the remote 
Router 


CCNA Lab Manual 


Page | 71 


www.zoomgroup.com 




LAB 7: WAN CONFIGURATION - ETHERNET INTERFACE (IPv6) 


OBJECTIVE: 

To configure and troubleshoot an Ethernet Interface. 


TOPOLOGY: 


Setup Ethernet connectivity for the lab as below : 


Fa 0/1 


Fa 0/1 




2001:5555:: 1/64 


2001: 5555:: 2/64 



Fa 0/0 

2001 :1111 ::1/64 


Fa 0/0 

2001:2222:: 1/64 



Switch 


L 





Fa 0/1 2001 :5555::/64 




Fa 0/0 

2Q01:2222::/64 


Fa 0/1 2001:5555::/64 


TASK: 

• Verify Ethernet Interface existing status 

• Configure Ethernet Interface with IPv6 address 

• Verify IPv6 Address Configuration on Ethernet Interface 

• Troubleshooting Ethernet Interface 


CCNA Lab Manual 


Page | 72 


www.zoomgroup.com 








ZOOIV 


TECHNOLOG IE 



Verify Ethernet Interface existing status 

HYD-l # show interface fastethernet 0/1 

FastEthernetO/ is administratively down, line protocol is down 
Flardware is MV96340 Ethernet, address is 0017.9460x209 (bia 0017.9460x209) 
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation ARPA, loopback not set 
Keepalive set {10 sec) 

Full-duplex, lOOMb/s, lOOBaseTX/FX 


coutput omitted> 


Verify HYD-l 's existing configuration 

HYD-l # show running-config 

Building configuration... 

Current configuration : 1210 bytes 
hostname HYD-l 


coutput omitted> 


interface FastEthernetO/O 

ip address 192.168.202.1 255.255.255.0 

ip address ipv6 address 2001:llll::l/64 

duplex auto 

speed auto 


interface FastEthernetO/1 
no ip address 
shutdown 
duplex auto 
speed auto 


interface Serial0/0/0 

ip address 172.17.0.1 255.255.0.0 


interface SerialQ/0/1 

ip address 172.16.0.2 255.255.0.0 


coutput omitted> 


end 

HYD-l # 

Repeat the above commands on HYD-2 router. 
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Configure Ethernet Interface with IPv6 address 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config)# interface fastethernet 0/1 

HYD-1 (config-if)# ipv6 address 20Ql:5555::l/64 

HYD-1 (config-if)# no shutdown 

HYD-1 (config-if)# exit 

HYD-1 (config)# 


HYD-2 - Configuration 
HYD-2 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-2 (config)# interface fastethernet 0/1 

HYD-2 (config-if)# ipv6 address 2001:5555::2/64 

HYD-2 (config-if)# no shutdown 

HYD-2 (config-if)# exit 

HYD-2 (config)# 


Verify IPv6 Address Configuration on Ethernet Interface 


HYD-1 - Verification 

HYD-1 # show ipv6 interface fastethernet 0/1 

FastEthemetO/1 is up, line protocol is up 
IPv6 is enabled, link-local address is FE80::21B:D4FF:FE3D:B279 
Global unicast address(es): 

2001:5555-1, subnet is 2001:5555::/64 
Joined group address(es); 


FF02::1 

FF02::2 

FF02::1:FF00:1 

FF02::1:FF3D:B279 


(VITU is 1500 bytes 

ICMP error messages limited to one every 100 milliseconds 
ICMP redirects are enabled 
ND DAD is enabled, number of DAD attempts: 1 
ND reachable time is 30000 milliseconds 
Default router is FE80::217:94FF:FE60:C209 on FastEthernetO/l 
HYD-1# 
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HYD-2 # show ipv6 interface fastethernet 0/1 
FastEthernetO/1 is up, line protocol is up 
IPv6 is enabled, link-local address is FE80::217;94FF:FE60:C209 
Global unicast address(es): 

2001:5555;:2, subnet is 2001:5555::/64 
Joined group address(es): 

FF02::1 

FF02-2 

FF02::1:FF00:2 
FF02::1:FF3D:B279 
MTU is 1500 bytes 

ICMP error messages limited to one every 100 milliseconds 
ICMP redirects are enabled 
ND DAD is enabled, number of DAD attempts: 1 
ND reachable time is 30000 milliseconds 
Default router is FE80::21B:D4FF:FE3D:B279 on FastEthernetO/1 
HYD-2# 


Troubleshooting Ethernet Interface 

From the output, the first line indicates the status of the Etherent interface. There are 4 possible 
states: 

1. Fastethernet 0/0 is up , line protocol is up 

Layer 1 and Layer 2 Connectivity and configuration is fine 

2. Fastethernet 0/0 is administratively down, line protocol is down 

'No Shutdown' has to be given on the local etherent interface 

3. Fastethernet 0/0 is up, line protocol is down 

Speed & Duplex Mismatch or 'No Shutdown' has not been given on the remote device ethernet 
interface. 

4. Fastethernet 0/0 is down, line protocol is down 

Layer 1 problem - No device attached or faulty cable. 
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LAB 8: STATIC ROUTING ON IPv4 NETWORK 


OBJECTIVE: 

To configure Static Routing on IPv4 Network for enabling communication between different networks 
connected to different routers. To set up static routes on CHE, HYD-1, BAN to connect to each other’s 
local networks. 


TOPOLOGY: 

Setup Ethernet and Serial connectivity for the lab as below : 


Fa D/0 
192.168.201.1 



■ m 


SO/I 

172.18.0.2 


50 
172.16.0.1 


E2I3B 

i 

i , 






Til 


Fa 0/0 
S 0/0 
S 0/1 


192.168,201.0/24 

172.16.0. 0/16 

172.16.0. 0/16 


S 0/0/1 
172.16,0.2 


S 0/0/0 
172,17,0,1 

Fa 0/0 

192, 168. 202*1 

A 



Interface 

Network ID / Mask 

Fa o/o 

1 921 68.202.0/24 

S 0/0/0 172.17,0.0/16 

S 0/0/1 

172.16.0.0/16 


5 0/0 
172.18.0.1 



5 0/1 
172.17.0.2 


Fa 0/0 

192,168.203.1 





Fa 0/0 

192.168.203.0/24 

S 0/0 

172,18,0.0/16 

S 0/1 

172.17.0.0/16 


Pre-requisite: WAN Interface configuration to be done on the router (LAB - 6) 


TASK: 

• Enabling IPv4 Routing 

• Verify IPv4 Routing Table 

• Configure Static Routing on IPv4 Network 

• Verify Static Routing on IPv4 Network 

• Verify communication between the IPv4 networks. 
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CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
CHE {config) # ip routing 
CHE {config) # 


HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-1 (config) # ip routing 
HYD-1 (config) # 


BAN - Configuration 
BAN # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
BAN (config) # ip routing 
BAN (config) # 


Note : Once routing is enabled the directly connected networks are automatically added into the 
routing information table. "C" represents directly connected networks. The IPv4 Network is 
learnt through the local Interface of the router. 

Verify IPv4 Routing Table 

CHE - Verification : 

CHE # show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, LI - IS IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 
* - candidate default, U - per-user static route, o - ODR 
P - periodic downloaded static route 

Gateway of last resort is not set 

C 172.16.0.0/16 is directly connected, Serial0/0 

C 172. IS. 0.0/16 is directly connected, Serial0/1 

C 192.168.201.0/24 is directly connected, FastEthernet0/0 

CHE# 
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HYD-1 - Verification : 

HYD-1 # show ip route 

Codes: L - local, C - connected, S - static, R - RIP, M * mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 
ia - IS-IS inter area, * - candidate default, U - per user static route 
o - ODR, P - periodic downloaded static route, FI - NFIRP, I - LISP 
+ - replicated route, % - next hop override 

Gateway of last resort is not set 

192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks 
C 192.168.202.0/24 is directly connected, FastEthernetO/O 
L 10.0.0.1/32 is directly connected, FastEthernet0/0 

172.16.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.16.0.0/16 is directly connected, SerialO/O/l 

L 172.16.0.2/32 is directly connected, Serial0/0/l 

172.17.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.17.0.0/16 is directly connected, Serial0/0/0 

L 172.17.0.1/32 is directly connected, SerialO/0/0 
HYD-1# 


BAN - Verification : 

BAN # show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 
ia - IS-IS inter area, * - candidate default, U - per-user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 172.17.0.0/16 is directly connected, Serial0/1 

C 172.18.0.0/16 is directly connected, Serial0/0 

C 192.168.203.0/24 is directly connected, FastEthernetO/0 

BAN# 
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Configure Static Routing on IPv4 Network 

CHE — Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

CHE {config) # ip route 192.168.202.0 255.255.255.0 172.16.0.2 
CHE {config) # ip route 192.168.203.0 255.255.255.0 172.18.0.1 

CHE {config) # exit 
CHE {config) # 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # ip route 192.168.201.0 255.255.255.0 172.16.0.1 
HYD-1 (config) # ip route 192.168.203.0 255.255.255.0 172.17.0.2 

HYD-1 (config) # exit 
HYD-1 (config) # 

BAN - Configuration 
BAN # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

BAN (config) # ip route 192.168.202.0 255.255.255.0 172.17.0.1 
BAN (config) # ip route 192.168.201.0 255.255.255.0 172.18.0.2 

BAN (config) # exit 
BAN (config) # 

Verify Static Routing on IPv4 Network 

Once Static routing is enabled, the IPv4 Networks defined with the Static routing command are 
added into the routing information table. "S" represents Static route. 

CHE- Verification : 

CHE # show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, LI - IS IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 
* - candidate default, U - per user static route, o - ODR 
P - periodic downloaded static route 

Gateway of last resort is not set 

C 172.16.0.0/16 is directly connected, Serial0/0 
C 172.18.0.0/16 is directly connected, SerialO/1 
S 192.168.202.0/24 [1/0] via 172.16.0.2 
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C 192.168.201.0/24 is directly connected, FastEthernetO/O 

S 192.168,203.0/24 [1/0] via 172.18.0.1 

CHE# 


HYD-1 - Verification: 


HYD-1 # show ip route 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
IM1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS IS, su - IS IS summary, LI - IS IS level-1, L2 - IS IS level-2 
ia - IS-IS inter area, * - candidate default, U - per-user static route 

0 - ODR, P - periodic downloaded static route, H - NHRP, I - LISP 
+ - replicated route, % - next hop override 

Gateway of last resort is not set 

192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks 
C 192.168.202.0/24 is directly connected, FastEthernet0/0 
L 192.168.202.1/32 is directly connected, FastEthernet0/0 

172.16.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.16.0.0/16 is directly connected, Serial0/0/l 

L 172.16.0,2/32 is directly connected, Serial0/0/l 

172.17.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.17.0.0/16 is directly connected, Serial0/0/0 

L 172.17.0,1/32 is directly connected, Serial0/0/0 
S 192.168.201.0/24 [1/0] via 172,16.0.1 
S 192,168.203.0/24 [1/0] via 172,17.0,2 
HYD-1# 

BAN - Verification : 

BAN # show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 

1 - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 

ia - IS-IS inter area, * - candidate default, U - per-user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 172.17.0.0/16 is directly connected, Serial0/1 
C 172.18.0.0/16 is directly connected, Serial0/0 
S 192.168.202.0/24 [1/0] via 172.17.0.1 
S 192.168.201.0/24 [1/0] via 172.18.0.2 
C 192.168.203.0/24 is directly connected, FastEthernet0/0 
BAN# 
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Verify communication between the IPv4 networks 


Verification from a Computer in HYP-1 Network 

ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.201.10: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.203,10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_$eq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_$eq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 

Repeat the above ping verification from a computer in CHE and BAN Network. 

From a Computer in HYD-1 Network trace communication path to a Computer in CHE Network 

tracert 192 * 168 * 201 * 10 (Windows) or traceroute 192.168.201,10 (Linux) 

trace route to 192,168,201,10 (192,168,201,10), 30 hops max, 38 byte packets 

1 192,168,202,1 (192,168,202,1) 1,086ms 1,124ms 1,144ms 

2 172,16,0,1 (172,16,0,1) 2,295 ms 2.156 ms 2,209 ms 

3 192.168,201,10 (192,168.202.10) 3.295ms 3.156 ms 3.209ms 


From a Computer in HYD-1 Network trace communication path to a Computer in BAN Network 

tracert 192.168.203,10 (Windows) or traceroute 192.168,203.10 (Linux) 

traceroute to 192.168.203.10 (192.168.203.10), 30 hops max, 38 byte packets 

1 192,168,202,1 (192,168,202,1) 1,086 ms 1,124 ms 1,144 ms 

2 172,17,0.2 (172,17,0.2) 2,295 ms 2.156 ms 2,209 ms 

3 192,168,203,10 (192,168,203,10) 3,295 ms 3.156 ms 3.209 ms 

Repeat the above trace communication path from a computer in CHE and BAN Network. 
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LAB 9: STATIC ROUTING ON IPv6 NETWORK 


OBJECTIVE: 

To configure Static Routing on IPv6 Network for enabling communication between different networks 
connected to different routers. To set up static routes on HYD-1 and HYD-2 to connect to each other's 
local networks. 


TOPOLOGY: 


Setup Ethernet connectivity for the lab as below : 


Fa 0/1 


Fa 0/1 



2001:5556::1 


2001:5555-2 


teiiiiw 


Fa 0/0 

2001 : 1 1ll : :1 


Fa 0/0 

2001 : 2222::1 





Fa 0/0 

200l:llll::/64 


Fa 0/1 2001:5555::/64 



Fa 0/1 2001:5555::/64 


Pre-requisite: WAN interface configuration to be done on the router (LAB - 7) 

TASK: 

• Enabling IPv6 Routing 

• Verify IPv6 Routing Table 

• Configure Static Routing on IPv6 Network 

• Verify Static Routing on IPv6 Network 

• Verify communication between the IPv6 networks. 
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Enabling IPv6 Routing 
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HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-1 (config) # ipv6 unicast-routing 
HYD-1 (config) # 


HYD-2 - Configuration 
HYD-2 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-2 (config) # ipv6 unicast-routing 
HYD-2 (config) # 


Note : Once routing is enabled the directly connected networks are automatically added into the 
routing information table. "C'represents directly connected networks. The IPv6 Network is 
learnt through the local Interface of the router. 

Verify IPv6 Routing Table 


HYD-1 - Verification : 

HYD-1# show ipv6 route 

IPv6 Routing Table - default - 5 entries 

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route 
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP 
II - ISIS LI, 12 - ISIS L2, IA - ISIS interarea, IS - ISIS summary 
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery 
I - LISP 

0 - OSPF Intra, 01 - OSPF Inter, 0E1 - OSPF ext 1, 0E2 - OSPF ext 2 
ONI - OSPF NSSA ext 1, 0N2 - OSPF NSSA ext 2 

C 2001:llll::/64 [0/0] 

via FastEthernetO/O, directly connected 
L 2001:1111::1/128 [0/0] 
via FastEthernetO/O, receive 
C 200l:5555::/64 [0/0] 

via FastEthernetO/1, directly connected 
L 2001:S555::1/128 [0/0] 
via FastEthernetO/1, receive 
L FF00::/8 [0/0] 
via NullO, receive 
HYD-1# 
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HYD-2 - Verification: 
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HYD-1 ft show ipv6 route 

IPv6 Routing Table - default - 5 entries 

Codes: C - Connected, L - Local, S - Static, U - Per user Static route 
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP 
II - ISIS LI, 12 - ISIS L2, IA - ISIS interarea, IS - ISIS summary 
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery 
I - LISP 

0 - OSPF Intra, 01 * OSPF Inter, 0E1 - OSPF ext 1, 0E2 - OSPF ext 2 
ONI - OSPF NSSA ext 1, 0N2 - OSPF NSSA ext 2 
C 2001:2222-/64 [0/0] 

via FastEthernetO/O, directly connected 
L 2001:2222-1/128 [0/0] 
via FastEthernetO/O, receive 
C 2001:5555-/64 [0/0] 

via FastEthernetO/1, directly connected 
L 2001:5555::2/128 [0/0] 
via FastEthernetO/l, receive 
L FF00::/8 [0/0] 
via N ul 10, receive 
HYD-2# 


Configure Static Routing on IPv6 Network 

HYD-l - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-1 (config) ft ipv6 route 2001:2222::/64 200l:5555::2 
HYD-1 (config) # exit 
HYD-1 (config) # 


HYD-2 - Configuration 
HYD-2 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-2 (config) # ipv6 route 2001:llll::/64 2001:5555-1 
HYD-2 (config) # exit 
HYD-2 (config) # 
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Verify Static Routing on IPv6 Network 

Once Static routing is enabled, the IPv6 Networks defined with the Static routing command are 
added into the routing information table. "$" represents Static route, 

HYD-1 - Verification : 

HYD-1 # show ip route 

IPv6 Routing Table - default - 6 entries 

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route 
B - BGP, HA - Home Agent, MIR - Mobile Router, R - RIP 
II - ISIS LI, 12 - ISIS L2, IA - ISIS interarea, IS - ISIS summary 
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery 
0 - OSPF Intra, 01 - OSPF Inter, 0E1 - OSPF ext 1, 0E2 - OSPF ext 2 
ONI - OSPF NSSA ext 1, 0N2 - OSPF NSSA ext 2 
C 2001:llll::/64 [0/0] 

via FastEthernetO/O, directly connected 
L 2001:1111::1/128 [0/0] 
via FastEthernetO/O, receive 
S 2001:2222::/64 [1/0] 
via 2001:5555::2 
C 2001:5555 ::/64 [0/0] 

via FastEthernetO/1, directly connected 
L 2001:5555::1/128 [0/0] 
via FastEthernetO/1, receive 
L FF00::/8 [0/0] 
via NullO, receive 
HYD-1# 

HYD-2- Verification : 

HYD-2 # show ipv6 route 

IPv6 Routing Table - default - 6 entries 

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route 
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP 
II - ISIS Ll, 12 - ISIS L2, IA - ISIS interarea, IS - ISIS summary 
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery 
0 - OSPF Intra, 01 - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 
ONI - OSPF NSSA ext 1, 0N2 - OSPF NSSA ext 2 
S 2001:llll::/64 [1/0] 
via 2001:5555::1 
C 2001:2222::/64 [0/0] 

via FastEthernetO/O, directly connected 
L 2001:2222::1/128 [0/0] 
via FastEthernetO/O, receive 
C 2001:5555 ::/64 [0/0] 

via FastEthernetO/1, directly connected 
L 2001:5555::2/128 [0/0] 
via FastEthernetO/l, receive 
L FF00::/8 [0/0] 
via NullO, receive 


HYD-2# 
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Verify communication between the IPv6 networks 


Verification from a Computer in HYD-1 Network 

ping 2001:2222::10 (Windows) or ping6 2001:2222::10 (Linux) 

PING 2001 :2222 ::10(2001 :2222 : : 10) 56 data bytes 
64 bytes from 2001:2222 : : 10: icmp_seq=l ttl=62 time=0.494 ms 
64 bytes from 2001:2222::10: icmp_seq=2 ttl=62 time=0.361 ms 
64 bytes from 2001:2222:;10: icmp_seq=3 ttl=62 time=0.335 ms 
64 bytes from 2001:2222::10: icmp_seq=4 ttl=62 time=0.336 ms 


Verification from a Computer in HYD-2 Network 

ping 2001:1111::10 (Windows) or ping6 2001:1U1::10 (Linux) 

PING 2001:1111::10(2001:1111::10) 56 data bytes 
64 bytes from 2001:1111::10: icmp_seq=l ttl=62 time=0.494 ms 
64 bytes from 2001:1111::10: icmp_seq=2 ttl=62 time=0.361 ms 
64 bytes from 2001:1111::10: icmp_seq=3 ttl=62 time=0.335 ms 
64 bytes from 2001:1111:;10: icmp_seq=4 ttl=62 time=0.336 ms 


From a Computer in HYD-1 Network trace communication path to a Computer in HYD-2 Network 

tnacert 2001 : 2222 :: 10 {Windows) or tracerout.e6 2001 : 2222 :: 10 (Linux) 

traceroute to 2001 : 2222 :: 10 (2001 : 2222 :: 10 ) , 30 hops max, 80 byte packets 

1 2001:1111::! (2001:1111::!) 2.825 ms 3.239 ms 3*665 ms 

2 2001:5555: : 2 (2001 : 5555 : : 2 ) 9.086 ms 9.393 ms 9.642 ms 

3 2001 :2222: : 1 0 (2001 : 2222 :: 1 0 ) 9.781 ms 10.474 ms 10.720 ms 


From a Computer in HYD-2 Network trace communication path to a Computer in HYD-1 Network 


tracert 2001 : 1111 :: 10 (Windows) or traceroute6 2001 : 1111 :: 10 (Linux) 


traceroute to 
1 2001:2222 

2 2001:5555 

3 2001:1111 


2001:1111: :10 (2001 : 1111 :: 10) # 30 hops 
1 (2001:2222: : 1} 1.071 ms 1.152 ms 
1 (2001:5555: :1) 4.303 ms 4.930 ms 
10 (2001 : 1111 :: 10) 10.832 ms 11.444 


max, 80 byte packets 
1.238 ms 
5.419 ms 
ms 11.541 ms 
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LAB 10: RIP ON IPv4 


OBJECTIVE: 

To configure RIP routing for communicating between different IPv4 networks on different routers. 


TOPOLOGY: 


Setup Ethernet and Serial connectivity for the lab as below : 






Fa 0/0 

192.168.201.0/24 


S 0/0 172.16.0.0/16 

S 0/1 172.18.0.0/16 






Fa 0/0 

192.168.203.0/24 

5 0/0 

172.18.0.0/16 

S 0/1 

172.17.0,0/16 


Lol 

16.1.1.1/24 

Lo2 

16.1.2,1/24 

Lg3 

16.1.3,1/24 


5 0/0/0 

172.17.0.0/16 

S 0/0/1 

172.16,0.0/16 




Lol 

17.1.1.1/24 

Lo2 

17.1.2.1/24 

Lo3 

17.1.3,1/24 




Lol 

18.1.1 .1724 

Lo2 

18.1.2.1/24 

Lo3 

18.1.3.1724 


Pre-requisite: WAN Interface configuration to be done on the router (LAB - 6) 


TASK: 

• Configure Loopback Interface 

• Verify Loopback Interface 

• Configure RIP Routing on IPv4 network 

• Verify RIP Routing on IPv4 network 

• Verify Communication between the IPv4 networks 

• Verify RIP protocol default settings 

• Verify RIP Update Packets 

• Changing RIP Timers 

• Enabling Passive Interface on RIP 

• Verify RIP Database 

• Disabling RIP Auto Summary 
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Configure Loopback Interface 

Configure Loopback interface according to Lab Topology 

CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

CHE {config)# interface Lo 1 

CHE (config-if)# ip address 16.1.1.1 255.255.255.0 

CHE {config)# interface Lo 2 

CHE {config-if)# ip address 16.1.2.1 255.255.255.0 

CHE (config)# interface Lo 3 

CHE (config-if)# ip address 16.1.3.1 255.255.255.0 

CHE (config-if)# exit 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config)# interface Lo 1 

HYD-1 (config-if)# ip address 17.1.1.1 255.255.255.0 

HYD-1 (config)# interface Lo 2 

HYD-1 (config-if)# ip address 17.1.2.1 255.255.255.0 

HYD-1 (config)# interface Lo 3 

HYD-1 (config-if)# ip address 17.1.3.1 255.255.255.0 

HYD-1 (config-if)# exit 

BAN — Configuration 
BAN # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

BAN (config)# interface Lo 1 

BAN (config-if)# ip address 18.1.1.1 255.255.255.0 

BAN (config)# interface Lo 2 

BAN (config-if)# ip address 18.1.2.1 255.255.255.0 

BAN (config)# interface Lo 3 

BAN (config-if)# ip address 18.1.3.1 255.255.255.0 

BAN (config-if)# exit 


E 
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Verify Loopback Interface 


CHE - Verification : 

CHE # show ip interface brief 


Interface 

FastEthernetO/O 

SerialO/O 

SerialO/1 

iP-Address 

192.168,201.1 

172.16.0. 1 

172.18.0. 2 

OK? 

YES 

YES 

YES 

Method 

NVRAM 

NVRAM 

NVRAM 

Status 

up 

up 

up 

Protocol 

up 

up 

up 

Loopbackl 

16.1.1.1 

YES 

manual 

up 

up 

Loopback2 

16.1.2.1 

YES 

manual 

up 

up 

Loopbaclk3 

16.1.3,1 

YES 

manual 

up 

up 


HYD-1 - Verification : 

HYD-1# show ip interface brief 


Interface 

IP-Address 

OK? 

Method 

Status 

Protocol 

FastEthemetO/O 

192.168.202.1 

YES 

NVRAM 

up 

up 

FastEthernetO/1 

unassigned 

YES 

NVRAM 

administratively down 

down 

SerialO/O/O 

172.17.0.1 

YES 

manual 

up 

up 

SerialO/O/1 

172.16.0.2 

YES 

manual 

up 

up 

Loopbackl 

17.1.1.1 

YES 

manual 

up 

up 

Loopback2 

17.1.2.1 

YES 

manual 

up 

up 

Loopback3 

17.1.3.1 

YES 

manual 

up 

up 


BAN - Verification: 


HYD-1# show ip interface brief 


interface 

IP-Address 

OK? 

Method 

Status 

Protocol 

FastEthernetO/O 

192.168.203.1 

YES 

NVRAM 

up 

up 

SerialO/O 

172.18.0.1 

YES 

NVRAM 

up 

up 

FastEthernetO/1 

unassigned 

YES 

NVRAM 

administratively down 

down 

SerialO/1 

172.17.0.2 

YES 

NVRAM 

up 

up 

Loopbackl 

18.1.1,1 

YES 

manual 

up 

up 


Loopback2 

18.1.2,1 

YES 

manual 

up 

up 


Loopback3 

18.1.3.1 

YES 

manual 

up 

up 
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Configure RIP Routing on IPv4 network 


CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z, 

CHE (config) # ip routing 

CHE {config) # router rip 

CHE (config-router) # version 2 

CHE (config-router) # network 192.168.201.0 

CHE {config-router) # network 172.16.0.0 

CHE {config-router) ft network 172.18.0.0 

CHE {config-router) # network 16.0.0.0 

CHE {config-router) # end 

CHE# 


HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # ip routing 

HYD-1 (config) # router rip 

HYD-1 (config-router) # version 2 

HYD-1 (config-router) # network 192.168.202.0 

HYD-1 (config-router) # network 172.16.0.0 

HYD-1 (config-router) # network 172.17.0.0 

HYD-1 (config-router) # network 17.0.0.0 

HYD-1 (config-router) # end 

HYD-1# 

BAN - Configuration 
BAN # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

BAN (config) # ip routing 

BAN (config) # router rip 

BAN (config-router) # version 2 

BAN (config-router) # network 192.168.203.0 

BAN (config-router) # network 172.17.0.0 

BAN (config-router) # network 172,18.0.0 

BAN (config-router) # network 18.0.0.0 

BAN (config-router) # end 

BAN# 
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Verify RIP Routing on IPv4 network 

Once RIP routing is enabled, IPv4 Networks learnt via RIP are added into the routing table. "R" 

represents RIP route. 

CHE - Verification : 

CHE # show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, LI - IS IS level-1, L2 - IS IS level-2, ia - IS-IS inter area 
* - candidate default, U - per-user static route, o - ODR 
P - periodic downloaded static route 

Gateway of last resort is not set 


R 17.0.0.0/S [120/1] via 172.16.0.2, 00:00:03, Serial0/0 
16.0.0.0/24 is subnetted, 3 subnets 
C 16.1.1.0 is directly connected, Loopbackl 
C 16,1.3.0 is directly connected, Loopback3 
C 16,1,2.0 is directly connected, Loopback2 
R 18.0.0.0/8 [120/1] via 172.18.0.1, 00:00:24, Serial0/1 
R 172.17.0.0/16 [120/1] via 172.16.0.2, 00:00:03, Serial0/0 

[120/1] via 172.18.0.1, 00:00:24, Serial0/1 
C 172.16.0.0/16 is directly connected, Serial0/0 
C 172.18.0.0/16 is directly connected, Serial0/1 
C 192.168.201.0/24 is directly connected, FastEthernet0/0 
R 192,168.202.0/24 [120/1] via 172.16.0.2, 00:00:03, SerialQ/0 
R 192.168.203.0/24 [120/1] via 172.18.0.1, 00:00:24, Serial0/1 
CHE# 


HYD-1 - Verification : 

HYD-1 # show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, LI - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 
* - candidate default, U - per-user static route, o - ODR 
P - periodic downloaded static route 

Gateway of last resort is not set 


R 16.0.0.0/8 [120/1] via 172.16,0.1, 00:00:01, Serial0/0/l 
17.0.0.0/8 is variably subnetted, 6 subnets, 2 masks 
C 17.1.1.0/24 is directly connected, Loopbackl 
L 17,1.1.1/32 is directly connected, Loopbackl 
C 17.1,2.0/24 is directly connected, Loopback2 
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L 17,1.2.1/32 is directly connected, Loopback2 
C 17.1,3.0/24 is directly connected, Loopback3 
L 17,1.3.1/32 is directly connected, Loopback3 
R 18.0.0.0/8 [120/1] via 172.17.0.2, 00:00:24, Serial0/0/0 

172.16.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.16.0.0/16 is directly connected, SerialO/O/1 

L 172.16.0.2/32 is directly connected, SerialO/O/1 

172.17.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.17.0.0/16 is directly connected, SerialO/O/O 

L 172.17.0.1/32 is directly connected, SerialO/O/O 
R 172.18.0.0/16 [120/1] via 172.17.0.2, 00:00:24, SerialO/O/O 

[120/1] via 172.16.0.1, 00:00:01, SerialO/O/1 
R 192.168.201.0/24 [120/1] via 172.16.0.1, 00:00:01, SerialO/O/1 
192,168.202.0/24 is variably subnetted, 2 subnets, 2 masks 
C 192.168.202.0/24 is directly connected, FastEthernetO/O 
L 192.168.202.1/32 is directly connected, FastEthernetO/O 
R 192.168.203.0/24 [120/1] via 172.17.0.2, 00:00:24, SerialO/O/O 
HYD-1 # 


BAN - Verification: 


BAN # show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1 , E2 - OSPF external type 2, E - EGP 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 
ia - IS-IS inter area, * - candidate default, U - per-user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 


R 17.0.0.0/8 [120/1] via 172.17.0,1, 00:00:07, SerialO/1 
R 16.0.0.0/8 [120/1] via 172,18.0.2, 00:00:11, SerialO/O 

18.0.0.0/24 is subnetted, 3 subnets 
C 18.1.3.0 is directly connected, Loopback3 
C 18.1.2.0 is directly connected, LoopbackZ 
C 18.1.1.0 is directly connected, Loopbackl 
C 172.17.0.0/16 is directly connected, SerialO/1 
R 172.16.0.0/16 [120/1] via 172.17.0.1, 00:00:07, SerialO/1 

[120/1] via 172.18.0.2, 00:00:11, SerialO/O 
C 172.18.0.0/16 is directly connected, SerialO/O 
R 192.168.201.0/24 [120/1] via 172.18.0.2, 00:00:11, SerialO/O 
R 192.168.202.0/24 [120/1] via 172.17.0.1, 00:00:07, SerialO/1 
C 192.168.203.0/24 is directly connected, FastEthernetO/O 
BAN# 


CCNA Lab Manual 


Page | 92 


www.zoomgroup.com 





ZOOM 


TECHNOLOG IE 



Verify communication between the IPv4 networks 


Verification from a Computer in HYP-1 Network 

ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.201.10: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.203,10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_$eq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 

Repeat the above ping verification from a computer in CHE and BAN Network. 


From a Computer in HYD-1 Network trace communication path to a Computer in CHE Network 

tracer t 192.168.201.10 (Windows) or traceroute 192.168.201.10 (Linux) 

traceroute to 192*163,201,10 (192 , 168 , 201 , 10 ) r 30 hops max, 33 byte packets 

1 192.163.202.1 (192,163.202.1) 1,086 ms 1.124 ms 1.144 ms 

2 172 , 16.0.1 ( 172 ,16.0,1) 2.295 ms 2.156 ms 2.209 ms 

3 192.163,201,10 ( 1 92 , 1 63 , 202 . 1 0 ) 3.295 ms 3.156 ms 3,209 ms 


From a Computer in HYD-1 Network trace communication path to a Computer in BAN Network 

tracert 192,168,203,10 (Windows) or traceroute 192.168.203.10 (Linux) 

traceroute to 192 , 168 . 203 . 10 (192.168.203.10), 30 tops max, 38 byte packets 

1 192.168.202.1 (192,168,202,1) 1.086ms 1,124ms 1.144ms 

2 172,17,0,2 (172,17.0,2) 2.295 ms 2,156 ms 2.209 ms 

3 192 •168.203- 10 (192.168.203.10) 3.295 ms 3.156 ms 3.209 ms 

Repeat the above trace communication path from a computer in CHE and BAN Network. 
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Verify RIP protocol default settings 


Example - HYD-1 

HYD-1 # show ip protocols 

*** IP Routing is NSF aware *** 

Routing Protocol is "rip" 

Outgoing update filter list for all interfaces is not set 
Incoming update filter list for all interfaces is not set 
Sending updates every 30 seconds, next due in 26 seconds 
Invalid after 180 seconds, hold down 180, flushed after 240 
Redistributing: rip 

Default version control: send version 2, receive version 2 
Interface Send Recv Triggered RIP Key-chain 
FastEthernetO/O 2 2 

Serial0/0/0 2 2 

Serial0/0/l 2 2 

J.oopbackl 2 2 

Loopback2 2 2 

Loopback3 2 2 

Automatic network summarization is in effect 
Maximum path: 4 
Routing for Networks: 

17.0. 0.0 

172.16.0. 0 

172.17.0. 0 
192.168,202.0 

Routing Information Sources: 

Gateway Distance Last Update 

172.16.0. 1 120 00:00:01 

172.17.0. 2 120 00:00:23 

Distance: {default is 120) 

HYD-1# 

Verify RIP Update Packets 

Verify default behaviour of RIP Update packets by enabling debug commands 


Example - HYD-1 

HYD-1 # terminal monitor 
HYD-1 # debug ip rip 

RIP protocol debugging is on 

RIP: received v2 update from 172.16.0.1 on Serial0/0/l 

172.18.0.0/16 in 1 hops 
192.168.201.0/24 in 1 hops 
192.168.203.0/24 in 2 hops 

RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.202.1) 


CCNA Lab Manual 


Page | 94 


www.zoomgroup.com 


ZOOM 

TECHNOLOGIES 



RIP: build update entries 
network 172,16.0.0/16 metric 1 
network 172,17.0.0/16 metric 1 
network 172.18.0.0./16 metric 2 
network 192,168.201.0/24 metric 2 
network 192.168.203.0/24 metric 2 

RIP: sending v2 update to 224.0.0.9 via Serial0/0/l (172.16.0.2) 

RIP: build update entries 

network 192.168.202.0/24 metric 1 

network 172.17.0.0/16 metric 1 

network 192.168.203.0/24 metric 2 

RIP: sending v2 update to 224.0.0.9 via Serial0/0/0 (172.17.0.1) 

RIP: build update entries 

network 192,168.202.0/24 metric 1 

network 172.16.0.0/16 metric 1 

network 192.168.201.0/24 metric 2 

HYD-1 # undebug all 
HYD-1 # terminal no monitor 


Changing RIP Timers 

Changing deafault RIP timers j.e. Update, Invalid, Hold and Flush Timers. 


Example - HYD-1 

HYD-1 (config) # router rip 

HYD-l (config-router) # timers basic 15 90 90 120 

HYD-1 (config-router) # exit 

HYD-1 (config) # exit 

HYD-1 - Verification ; 

HYD-1 # show ip protocols 

*** IP Routing is NSF aware *** 

Routing Protocol is "rip" 

Outgoing update filter list for all interfaces is not set 
Incoming update filter list for all interfaces is not set 
Sending updates every 15 seconds, next due in 13 seconds 
Invalid after 90 seconds, hold down 90, flushed after 120 
Redistributing: rip 

Default version control: send version 2, receive version 2 
Interface Send Recv Triggered RIP Key-chain 

FastEthernetO/O 2 2 

Serial0/0/0 2 2 

SerialO/O/l 2 2 

Loopback 1 2 2 

Loopback2 2 2 

Loopback3 2 2 
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Automatic network summarization is in effect 
Maximum path: 4 
Routing for Networks: 

17.0. 0.0 

172.16.0. 0 

172.17.0. 0 
192.168.202.0 

Routing Information Sources: 

Gateway Distance Last Update 

172.16.0. 1 120 00:00:01 

172.17.0. 2 120 00:00:23 

Distance: {default is 120) 

HYD-1 # 

Enabling Passive Interface on RIP 

To disable sending of RIP updates packet on selected Interface, (i.e. FastEthernet Interface) we use 
the passive interface command. 

Example - HYD-1 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # router rip 

HYD-1 (config-router) # passive-interface fastethernet 0/0 
HYD-1 (config-router) # end 

After enabling passive interface, again verify the behaviour of RIP Update packets by enabling debug 
commands. Now you will not see the following line in the debug outputs. 

RIP; sending v2 update to 224.0.0.9 via fastethernet 0/0 

This means you have successfully disabled sending of RIP updates packet on selected Interface. 


HYD-1 - Verification : 

HYD-1 # show ip protocols 

*** IP Routing is NSF aware *** 

Routing Protocol is "rip" 

Outgoing update filter list for all interfaces is not set 
Incoming update filter list for all interfaces is not set 
Sending updates every 30 seconds, next due in 26 seconds 
Invalid after 180 seconds, hold down 180, flushed after 240 
Redistributing: rip 

Default version control: send version 2, receive version 2 
Interface Send Recv Triggered RIP Key-chain 


FastEthernetO/O 2 2 

SerialO/Q/O 2 2 
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SerialO/O/l 2 2 

Loopbackl 2 2 

Loopback2 2 2 

Loopback3 2 2 

Automatic network summarization is in effect 
Maximum path: 4 
Routing for Networks: 

172.16.0. 0 

172.17.0. 0 
192.168.202.0 

Passive Interface(s): 

FastEthernetO/O 
Routing Information Sources: 

Gateway Distance Last Update 

172.16.0. 1 120 00:00:01 

172.17.0. 2 120 00:00:23 

Distance: {default is 120) 

HYD-1 # 


Verify RIP Database 


HYD-1 # show ip rip database 


16.0. 0.0/8 auto-summary 

16.0,0.0/8 

[1] via 172.16.0.1, 00:00:01, SerialO/O/l 

17.0. 0.0/8 auto-summary 

directly connected, Loopbackl 
directly connected, Loopback2 
directly connected, Loopback3 

auto-summary 


17.1,1.0/24 

17.1.2.0/24 

17.1,3.0/24 

18.0,0,0/8 


18.0.0.0/8 

[1] via 172.17.0.2, 00:00:23, Serial0/0/0 

172.16.0.0/16 auto-summary 

172.16.0. 0/16 directly connected, SerialO/O/l 

172.17.0. 0/16 auto-summary 

172.17.0. 0/16 directly connected, Serial0/0/0 

172.18.0. 0/16 auto-summary 

172.18.0.0/16 

[1] via 172.17.0.2, 00:00:23, SerialO/O/O 
[1] via 172.16.0.1, 00:00:01, SerialO/O/l 
192.168.201.0/24 auto-summary 
192.168.201.0/24 

[1] via 172.16.0.1, 00:00:01, SerialO/O/l 
192.168.202.0/24 auto-summary 
192.168.202.0/24 directly connected, FastEthernet0/0 
192.168.203.0/24 auto-summary 
192.168.203.0/24 

[1] via 172.17.0.2, 00:00:23, Seria 10/0/0 
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Disabling RIP Auto Summary 

By default RIP auto summary is enabled on CISCO 105 prior to 12.4, Let's try to understand the 
difference in routing table output when auto summary is enabled and when it is disabled. 

Verify Routine Table on HYD-1 

HYD-1 # show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, LI - IS IS level-1, L2 - IS IS level-2, ia - IS IS inter area 
* - candidate default, U - per-user static route, o - ODR 
P - periodic downloaded static route 

Gateway of last resort is not set 

R 16.0.0.0/8 [120/1] via 172.16.0.1, 00:00:01, SerialO/O/1 

17.0. 0.0/8 is variably subnetted, 6 subnets, 2 masks 
C 17.1,1.0/24 is directly connected, Loopbackl 

L 17.1.1.1/32 is directly connected, Loopbackl 
C 17.1,2.0/24 is directly connected, Loopback2 
L 17.1.2.1/32 is directly connected, Loopback2 
C 17.1,3.0/24 is directly connected, Loopback3 
L 17.1.3.1/32 is directly connected, Loopback3 
R 18.0.0.0/8 [120/1] via 172.17.0.2, 00:00:24, Seria 10/0/0 

172.16.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.16.0.0/16 is directly connected, Seria 10/0/2 

L 172.16.0.2/32 is directly connected, Serial0/0/l 

172.17.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.17.0.0/16 is directly connected, Serial0/0/0 

L 172.17.0.1/32 is directly connected, SerialO/0/0 
R 172.18.0.0/16 [120/1] via 172.17.0.2, 00:00:24, Seriai0/0/0 


[120/1] via 172.16.0.1, 00:00:01, Seria 10/0/1 


R 192.168.201.0/24 [120/1] via 172.16.0.1, 00:00:01, SerialO/0/1 
192,168.202.0/24 is variably subnetted, 2 subnets, 2 masks 
C 192.168.202.0/24 is directly connected, FastEthernet0/0 
L 192.168.202.1/32 is directly connected, FastEthernet0/0 
R 192.168.203.0/24 [120/1] via 172.17.0.2, 00:00:24, Serial0/0/0 
HYD-1 # 


Disable Auto Summary on CHE 

CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
CHE {con fig) # router rip 
CHE (config-router)# no auto-summary 
CHE (config-router)# end 
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Verify Routine Table on HYD-1 


HYD-1 it show ip route 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
l\ll - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level l, L2 - IS-IS level-2 
ia - IS-IS inter area, * - candidate default, U - per-user static route 
o - ODR, P - periodic downloaded static route, H - NHRP, I - LISP 
+ - replicated route, % - next hop override 

Gateway of last resort is not set 

16.0. 0.0/24 is subnetted, 3 subnets 

R 16.1.1.0 [120/1] via 172.16.0.1, 00:00:01, SerialO/O/1 

R 16.1.2.0 [120/1] via 172.16.0.1, 00:00:01, SerialO/O/1 

R 16.1.3.0 [120/1] via 172,16.0.1, 00:00:01, SerialO/Q/1 

17.0. 0.0/8 is variably subnetted, 6 subnets, 2 masks 

C 17.1.1.0/24 is directly connected, Loopbackl 

L 17,1,1,1/32 is directly connected, Loopbackl 
C 17.1.2.0/24 is directly connected, Loopback2 
L 17.1.2.1/32 is directly connected, Loopback2 
C 17.1.3.0/24 is directly connected, Loopback3 
L 17.1.3.1/32 is directly connected, Loopback3 
R 18.0.0.0/8 [120/1] via 172.17.0.2, 00:00:24, Serial0/0/0 

172.16.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.16.0.0/16 is directly connected, SerialO/O/1 

L 172.16.0.2/32 is directly connected, SerialO/O/1 

172.17.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.17.0.0/16 is directly connected, Serial0/0/0 

L 172.17.0.1/32 is directly connected, SerialO/0/0 
R 172.18.0,0/16 [120/1] via 172.17.0.2, 00:00:13, SerialO/O/O 
[120/1] via 172.16.0.1, 00:00:01, SerialO/O/1 
R 192.168.201.0/24 [120/1] via 172.16.0.1, 00:00:01, SerialO/O/1 
192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks 
C 192.168.202.0/24 is directly connected, FastEthernet0/0 
L 192.168.202.1/32 is directly connected, FastEthernetO/0 
R 192.168.203.0/24 [120/1] via 172.17.0.2, 00:00:13, Serial0/0/0 


HYD-1# 
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OBJECTIVE: 

To configure RIPng routing for communicating between different IPv6 networks on different routers. 


TOPOLOGY: 

Setup Ethernet connectivity for the lab as below : 


Fa 0/1 


Fa 0/1 



Fa 0/0 

2001 : 1111 ::! 


Fa 0/0 

2001 : 2222 ::! 





Fa 0/0 

2001:2222::/64 




Fa 0/0 

2001:1111::/64 


Fa 0/1 2001 :5555::/64 


Fa 0/1 2001:5555-/64 


Pre-requisite: WAN Interface configuration to be done on the router (LAB - 7) 


TASK: 

• Configure RIPng on IPv6 Network 

• Verify RIPng on IPv6 Network 

• Verify Communication between the IPv6 networks 

• Verify RIPng protocol default settings 
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Configure RIPng on IPv6 Network 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # ipvG unicast-routing 

HYD-1 (config) # ipv6 router rip cisco 

HYD-1 (config-rtr) ft exit 

HYD-1 (config) # interface fastethernet 0/0 

HYD-1 (config-if) # ipv6 rip cisco enable 

HYD-1 (config-if) # exit 

HYD-1 (config) # interface fastethernet 0/1 

HYD-1 (config-if) # ipv6 rip cisco enable 

HYD-1 (config-if) # end 

HYD-1# 

HYD-2 - Configuration 
HYD-2 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-2 (config) # ipv6 unicast-routing 

HYD-2 (config) # ipv6 router rip cisco 

HYD-2 (config-rtr) # exit 

HYD-2 (config) # interface fastethernet 0/0 

HYD-2 (config-if) # ipv6 rip cisco enable 

HYD-2 (config-if) # exit 

HYD-2 (config) # interface fastethernet 0/1 

HYD-2 (config-if) # ipv6 rip cisco enable 

HYD-2 (config-if) # end 

HYD-2# 
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Verify RIPng on IPv6 Network 

Once RIP routing is enabled, IPv6 Networks learnt via RIP are added into the routing table. "R" 
represents RIP route. 


HYD-1 - Verification : 

HYD-1 # show ipv6 route 

IPv6 Routing Table - default - 6 entries 

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route 
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP 
II - ISIS LI, 12 - ISIS L2, IA - ISIS interarea, IS - ISIS summary 
ONI - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 
C 2001:llll::/64 [0/0] 

via FastEthernetO/O, directly connected 
L 2001 : 1 11 1:: 1/12S [0/0] 
via FastEthernetO/0, receive 
R 2001:2222::/64 [120/2] 

via FES0: :2 1C: F6FF: FE85 : 1 FA1, FastEthernetO/1 
C 2001:5555 ::/64 [0/0] 

via FastEthernetO/1, directly connected 
L 2001:5555::1/128 [0/0] 
via FastEthernetO/1, receive 
L FF00::/8 [0/0] 
via NullO, receive 
HYD-1# 

HYD-2 - Verification : 

HYD-2 # show ipv6 route 

IPv6 Routing Table - default - 6 entries 

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route 
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP 
II - ISIS LI, 12 - ISIS L2, IA - ISIS interarea, IS - ISIS summary 
ONI - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 
R 2001:llll::/64 [120/2] 

via FE80::21C:F6FF:FE85:1FA1, FastEthernetO/1 
C 2001:2222 ::/64 [0/0] 

via FastEthernetO/O, directly connected 
L 2001:2222::1/128 [0/0] 
via FastEthernetO/O, receive 
C 2001:5555 ::/64 [0/0] 

via FastEthernetO/1, directly connected 
L 2001:5555::2/128 [0/0] 
via FastEthernetO/1, receive 
L FF00::/8 [0/0] 
via NullO, receive 
HYD-2# 
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Verify communication between the IPv6 networks 


Verification from a Computer in HYP-1 Network 


ping 2001:2222::10 (Windows) or ping6 20Q1:2222::10 (Linux) 

PING 2001:2222::10(2001:2222::10) 56 data bytes 
64 bytes from 2001:2222::10: icmp_seq=l ttl=62 time=0.494 ms 
64 bytes from 2001:2222::10: icmp_seq=2 ttl=62 time=0.361 ms 
64 bytes from 2001:2222 : ; 10: icmp_seq=3 ttl=62 time=0.335 ms 
64 bytes from 2001:2222::10: icmp_seq=4 ttl=62 time=0.336 ms 

Verification from a Computer in HYD-2 Network 


ping 2001:1111::10 (Windows) or ping6 2001:1111::10 (Linux) 

PING 2001:1111:: 10(2001: 1111:: 10) 56 data bytes 
64 bytes from 2001:1111::10: icmp_seq=l ttl=62 time=0.494 ms 
64 bytes from 2001:1111:;10: icmp_seq=2 ttl=62 time=0.361 ms 
64 bytes from 2001:1111::10: icmp_seq=3 ttl=62 time=0.335 ms 
64 bytes from 2001:1111::10: icmp_seq=4 ttl=62 time=0.336 ms 


From a Computer in HYD-1 Network trace communication path to a Computer in HYD-2 Network 

traeert 2001 : 2222 10 (Windows) or traceroute6 2001 : 2222 :: 10 (Linux) 

traceroute to 2001 : 2222 :: 10 (2001 : 2222 :: 10 } , 30 hops max, 80 byte packets 

1 2001:1111; : 1 (2001:1111: : 1 ) 2.825ms 3.239ms 3.665ms 

2 2001:5555: :2 (2001 : 5555 :: 2) 9.086 ms 9.393 ms 9.642 ms 

3 2001 : 2222 :: 10 (2001 : 2222 :: 10 ) 9.781 ms 10.474 ms 10.720 ms 


From a Computer in HYD-2 Network trace communication path to a Computer in HYD-1 Network 


tracert 2001 : 1111 10 (Windows) or traceroute6 2001 : 1111 10 (Linux) 


traceroute to 
1 2001:2222 

2 2001:5555 

3 2001:1111 


2001 : 1111 : : 10 
: 1 ( 2001 : 2222 ; 
: 1 (2001:5555; 
: 1 0 ( 2001:1111 


(2001 : 1111 : : 10) , 30 hops 
: 1 ) 1.071 ms 1.152 ms 

: 1 ) 4 . 303 ms 4 . 930 ms 

: : ID) 10.832 ms 11.444 


max, 80 byte packets 
1.238 ms 
5.419 ms 
ms 11.541 ms 
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LAB 12: OSPF ON IPv4 NETWORK 


OBJECTIVE: 

To configure OSPF Routing in a single area. 

To understand how OSPF works and fine tune OSPF configuration. 


TOPOLOGY: 

Setup Ethernet and Serial connectivity for the lab as below: 


Fa D/0 
192. 1GB. 201.1 



SO/1 

172.18.0.2 


SO 
172.1G.0.1 









SO/Q/1 
172.16.0.2 


^ S 0/0/D 

[BSP 172.17.0.1 


f 


Fa 0/0 

192.168.202.1 



S 0/0 

172,16,0,0/16 


— l — 

S 0/1 

172,18,0,0/16 

Fa 0/0 

192,168.202.0/24 



S 0/0/0 

172.17.0.0/16 



S 0/0/1 

172.16.0.0/16 


5 0/0 
172.18-0,1 



SO/1 
17217.0.2 


Fa 0/0 

192, 1G 8. 203.1 





L- 







Fa 0/0 
S 0/0 
SO/1 


192.168.203.0/24 
172.18,0,0/16 
172,17 0.0/16 


Pre-requisite: WAN Interface configuration to be done on the router (LAB - 6) 


TASK: 

• Configure OSPF - Single Area on IPv4 network 

• Verify OSPF - Single Area on IPv4 network 

• Verify Communication between the IPv4 networks 

• Verify OSPF Neighbour and Topology Table 

• Verify OSPF protocol default settings 

• Verify OSPF Packets on IPv4 network 

• Enable Passive Interface on IPv4 network 

• Configuring OSPF Cost metric for an interface 
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Configure OSPF - Single Area on IPv4 Network 


CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

CHE (config) # ip routing 

CHE {config) # router ospf 1 

CHE (config-router) ft router-id 1.1. 1.1 

CHE (config-router) ff network 192.168.201.0 0.0.0.25S area 0 

CHE {config-router) # network 172.16.0.0 0.0.255.255 area 0 

CHE (config-router) # network 172.18.0.0 0.0.255.255 area 0 

CHE {config-router) # end 

CHE# 


HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # ip routing 

HYD-1 (config) # router ospf 2 

HYD-1 (config-router) # router-id 2.2.2.2 

HYD-1 (config-router) # network 192.168.202.0 0.255.255.255 area 0 
HYD-1 (config-router) # network 172.16.0.0 0.0.255.255 area 0 
HYD-1 (config-router) # network 172.17.0.0 0.0.255.255 area 0 
HYD-1 (config-router) # end 
HYD-1# 


BAN - Configuration 
BAN # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

BAN (config) # ip routing 

BAN (config) # router ospf 3 

BAN (config-router) # router-id 3.3.3.3 

BAN (config-router) # network 192.168.203.0 0.0.0.255 area 0 
BAN (config-router) # network 172.17.0.0 0.0.255.255 area 0 
BAN (config-router) # network 172.18.0.0 0.0.255.255 area 0 

BAN (config-router) # end 
BAN# 
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Verify OSPF - Single Area on IPv4 Network 

Once OSPF routing is enabled, the IPv4 Networks learned through OSPF are added into the routing 
table. "O" represents an OSPF route. 


C HE - Verification : 

CHE # show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, l\!2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, LI - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 
* - candidate default, U - per-user static route, o - ODR 
P - periodic downloaded static route 

Gateway of last resort is not set 

0 172.17.0.0/16 [110/128] via 172.16.0.2, 00:00:26, SerialO/O 

[110/128] via 172.18.0.1, 00:00:26, SerialO/1 
C 172.16.0.0/16 is directly connected, SerialO/O 
C 172.18.0.0/16 is directly connected, SerialQ/1 
C 192.168.201.0/24 is directly connected, FastEthernetO/O 
0 192.168.202.0/24 [110/64] via 172.16.0.2, 00:00:26, SerialO/O 
O 192.168.203.0/24 [110/64] via 172.18.0.1, 00:00:26, Serial0/1 
CHE# 


HYD-1- Verification : 

HYD-1 # show ip route 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 
ia - IS-IS inter area, * - candidate default, U - per-user static route 
o - ODR, P - periodic downloaded static route, H - NHRP, I - LISP 
+ - replicated route, % - next hop override 

Gateway of last resort is not set 

172.16.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.16.0.0/16 is directly connected, SerialO/O/1 

L 172.16.0,2/32 is directly connected, SerialO/O/1 

172.17.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.17.0.0/16 is directly connected, SerialO/O/O 

L 172.17.0.1/32 is directly connected, SerialO/O/O 
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0 172.18.0.0/16 [110/128] via 172.17.0.2, 00:01:21, Serial0/0/0 

[110/128] via 172.16.0.1, 00:03:17, Serial0/0/l 
0 192,168.201,0/24 [110/64] via 172.16.0.1, 00:03:17, SerialO/O/1 

192,168.202.0/24 is variably subnetted, 2 subnets, 2 masks 
C 192.168.202.0/24 is directly connected, FastEthernet0/0 
L 192.168.202.1/32 is directly connected, FastEthernet0/0 
O 192,168.203.0/24 [110/64] via 172.17.0.2, 00:01:21, Serial0/0/0 
HYD-1 # 


BAN - Verification : 

BAN # show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 
ia - IS-IS inter area, * - candidate default, U - per user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 172.17.0.0/16 is directly connected, Serial0/1 
O 172.16.0.0/16 [110/128] via 172.17.0.1, 00:01:40, SerialO/1 

[110/128] via 172.18.0.2, 00:01:40, Serial0/0 
C 172.18.0.0/16 is directly connected, Serial0/0 
O 192.168.201.0/24 [110/64] via 172.18.0.2, 00:01:40, Serial0/0 
O 192.168.202.0/24 [110/64] via 172.17.0,1, 00:01:40, Serial0/1 
C 192.168.203.0/24 is directly connected, FastEthernet0/0 
BAN# 


Verify communication between the IPv4 networks 


Verification from a Computer in HYD-1 Network 

ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10; icmp_seq=l ttl=62 time=24,Q ms 
64 bytes from 192.168.201.10: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192,168.201.10: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.0 ms 
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ping 192.168.203.10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 


Repeat the above ping verification from a computer in CHE and BAN Network. 


From a Computer in HYD-1 Network trace communication path to a Computer in CHE Network 


tracert 192.168.201.10 (Windows) or traceroute 192.168,201.10 (Linux) 

traceroute to 192*168.201.10 (192 . 168 . 201 . 10 ) f 30 hops max, 38 byte packets 

1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms 

2 172.16.0,1 (172.16.0,1) 2.295ms 2.156ms 2.209ms 

3 192.168.201.10 (192.168.202.10) 3.295 ms 3.156 ms 3.209 ms 


From a Computer in HYD-1 Network trace communication path to a Computer in BAN Network 

tracert 192 , 168 , 203 , 10 (Windows) or traceroute 192.168.203.10 (Linux) 

traceroute to 192.168,203.10 (192.168.203,10), 30 hops max, 38 byte packets 

1 192.168.202.1 (192,168,202,1) 1.086ms 1,124ms 1.144ms 

2 172.17.0.2 (172.17.0.2) 2.295 ms 2.156 ms 2.209 ms 

3 192.168.203,10 (192.168.203.10) 3.295 ms 3.156 ms 3.209 ms 


Repeat the above trace communication path from a computer in CHE and BAN Network. 


Verify OSPF Neighbour and Database Table 


CHE - Verification: 


CHE # show ip ospf neighbor 


Neighbor ID 

Pri 

State 

Dead Time 

Address 

Interface 

2. 2. 2.2 

1 

FULL/ - 

00:00:33 

172.16.0.2 

Serial0/0 

3. 3. 3. 3 

1 

FULL/ - 

00:00:37 

172.18.0.1 

SerialO/1 

CHE# 






CHE # show ip ospf database 






OSPF Router with ID (1.1, 1.1) (Process ID 1) 



Router Link States (Area 0) 


Link ID 


ADV Router 

Age 

Seq# 

Checksum 

1.1. 1.1 


1.1. 1.1 

56 

0x80000005 

0x385F 

2. 2. 2.2 


2.22.2 

48 

0x80000005 

0xD3A9 

3. 3. 3.3 


3. 3. 3. 3 

46 

0x80000004 

0x87B 

CHE# 


Link count 
5 
5 
5 
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HYD-1 - Verification : 

HYD-1 # show ip ospf neighbor 


Neighbor ID 

Pri 

State 

Dead Time 

Address 

Interface 

3. 3. 3. 3 

0 

FULL/ - 

00:00:32 

172.17.0.2 

Seri a 10/0/0 

1. 1.1.1 

0 

FULL/ - 

00:00:31 

172.16.0.1 

Seri a 10/0/1 

HYD-1# 






HYD-1 # show ip ospf database 





OSPF Router with ID (2.2.2.2) (Process ID 2) 



Router Link States (Area 0) 


Link ID 


ADV Router 

Age 

Seq# 

Checksum 

l.l.l.l 


l.l.l.l 

56 

0x80000005 

0x385F 

2. 2. 2. 2 


2. 2. 2. 2 

48 

0x80000005 

0xD3A9 

33.3.3 


3.3.33 

46 

0x80000004 

0x87B 

HYD-1# 


Link count 
5 
5 
5 


BAN - Verification: 


BAN # show ip ospf neighbor 


Neighbor ID Pri State Dead Time Address Interface 

1.1. 1.1 1 FULL/ - 00:00:39 172.18.0.2 Serial0/0 

2. 2. 2. 2 1 FULL/ - 00:00:33 172.17.0.1 Serial0/1 

BAN# 


BAN # show ip ospf database 

OSPF Router with ID (3. 3. 3.3) (Process ID 3) 


Router Link States (Area 0) 


Link ID 

ADV Router 

Age 

Seq# 

Checksum 

Link count 

l.l.l.l 

l.l.l.l 

56 

0x80000005 

0x385F 

5 


2. 2. 2. 2 

2. 2. 2. 2 

48 

0x80000005 

0xD3A9 

5 


3.3.33 

3.3.33 

46 

0x80000004 

0x87B 

5 


BAN# 
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Verify OSPF protocol default settings 


Example - HYD-1 

HYD-1 # show ip protocols 

*** IP Routing is NSF aware *** 

Routing Protocol is "ospf 2" 

Outgoing update filter list for all interfaces is not set 
Incoming update filter list for all interfaces is not set 
Router ID 2. 2. 2. 2 

Number of areas in this router is 1. 1 normal 0 stub 0 nssa 
Maximum path: 4 
Routing for Networks: 

172.16.0. 0 0.0.255.255 area 0 

172.17.0. 0 0.0.255.255 area 0 
192.168.202.0 0.0.0.255 area 0 

Routing Information Sources: 

Gateway Distance Last Update 
3. 3. 3.3 110 00:01:20 

1.1. 1.1 110 00:03:16 

Distance: {default is 110) 

HYD-1# 

Verify OSPF Hello Packets 

Verify default behaviour of OSPF Hello packets by enabling debug commands 

Example - HYD-1 

HYD-1 # terminal monitor 
HYD-1 # debug ip ospf hello 

OSPF hello events debugging is on 
HYD-1# 

*Jul 22 20:00:44.967: OSPF: Rev hello from 192.168.203.1 area 0 from Serial0/0/0 172.17.0.2 
*Jul 22 20:00:44.967: OSPF: End of hello processing 

*Jul 22 20:00:46.011: OSPF: Send hello to 224.0.0.5 area 0 on GigabitEthernet0/0 from 10.0.0.1 
*Jul 22 20:00:47.959: OSPF: Rev hello from 192.168.201.1 area 0 from Serial0/0/1 172.16.0.1 
*Jul 22 20:00:47.959: OSPF: End of hello processing 

*Jul 22 20:00:49.779: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/0 from 172.17.0.1 

*Jul 22 20:00:51.263: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/l from 172.16.0.2 

*Jul 22 20:00:54.967: OSPF: Rev hello from 192.168.203.1 area 0 from Serial0/0/0 172.17.0.2 
*Jul 22 20:00:54.967: OSPF: End of hello processing 

*Jul 22 20:00:55.279: OSPF: Send hello to 224.0.0.5 area 0 on GigabitEthernet0/0 from 10.0.0.1 
*Jul 22 20:00:57.959: OSPF: Rev hello from 192.168.201.1 area 0 from SerialO/0/1 172.16.0.1 
*Jul 22 20:00:57.959: OSPF: End of hello processing 

*Jul 22 20:00:59.011: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/0 from 172.17.0.1 

*Jul 22 20:01:00.963: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/l from 172.16.0.2 

HYD-1# 

HYD-1 # undebug all 
HYD-1 # terminal no monitor 
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Enable passive interface on OSPF 

This command disables OSPF Hello packets from being sent on that interface. 


Example - HYD-1 
HYD-1# configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # router ospf 2 

HYD-1 (config-router) # passive-interface FastEthernet 0/0 

HYD-1 (config-router) # end 

After enabling above commands, again verify default behaviour of OSPF Hello packets by enabling 
debug commands. Now you will not able see the following line in the debug outputs. 

OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet 0/0 from 192.168.202.1 


This means that you have successfully disabled sending of OSPF Hello packet on selected Interface, 


HYD-1- Verification : 

HYD-1 # show ip protocols 

*** IP Routing is NSF aware *** 

Routing Protocol is "ospf 2" 

Outgoing update filter list for all interfaces is not set 
Incoming update filter list for all interfaces is not set 
Router ID 2. 2. 2. 2 

Number of areas in this router is 1. 1 normal 0 stub 0 nssa 
Maximum path: 4 
Routing for Networks: 

172.16.0. 0 0.0,255.255 area 0 

172.17.0. 0 0.0.255.255 area 0 
192.168.202.0 0.0.0.255 area 0 

Passive Interface(s): 

FastEthernet0/0 
Routing Information Sources: 

Gateway Distance Last Update 
3.33.3 110 00:01:20 

1.1. 1.1 110 00:03:16 

Distance: (default is 110) 
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Configuring OSPF Cost metric for an interface 

This command will configure OSPF Cost metric for an interface. 


Verification - HYD-1 

HYD-1 # show ip ospf interface brief 

Interface PID Area IP Address/Mask Cost State Nbrs F/C 
Se0/0/0 1 0 172.17.0.1/16 64 P2P 1/1 

Se0/0/l 1 0 172.16.0.2/16 64 P2P 1/1 

HYD-1# 


Example - HYD-1 

HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # interface serial 0/0/0 

HYD-1 (config-router) # ip ospf cost 100 

HYD-1 (config-router) # end 

HYD-1# 


Verification - HYD-1 


HYD-1 # show ip ospf interface brief 

Interface PID Area IP Address/Mask Cost State Nbrs F/C 
Se0/0/0 1 0 172.17.0.1/16 100 P2P 1/1 

Se0/0/1 1 0 172.16.0.2/16 64 P2P 1/1 

HYD-1# 
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LAB 13: OSPF - MULTIPLE AREA ON IPv4 NETWORK 


OBJECTIVE: 

To configure OSPF with a backbone area (area 0) and multiple areas connected to the backbone. 


TOPOLOGY: 

Setup Ethernet and Serial connectivity for the lab as below: 


so/i 

172.18.0.2 


ter* 




Fa 0/0 
192.163,201.1 


n*, 

172.16.0.1 


m 


AREA 0 





mt ta 


Fa 0/0 
S 0/0 
S 0/1 


192.168,201.0/24 

172.16.0. 0/16 

172.18.0. 0/16 


S0/0/1 


S 0/0/0 



Fa 0/0 
S 0/0/0 
S 0/0/1 


192,168,202,0/24 

172.17.0. 0/16 

172.16.0. 0/16 


SO/0 

17Z.18.D.1 


SO/l 

172.17.0.2 


m 

Fa 0/0 

192.168.203.1 


|VVBMS 

172.16.0,2^ 

2P 172,17.0.1 




Fa 0/0 

192.168.202,1 


AREA 1 


AREA 2 



Fa 0/0 
S 0/0 
S 0/1 




192.168.203.0/24 

172.18.0. 0/16 

172.17.0. 0/16 


Pre-requisite: WAN Interface configuration to be done on the router (LAB - 6) 


TASK: 

• Configure OSPF - Multiple Area on IPv4 network 

• Verify OSPF - Multiple Area on IPv4 network 

• Verify Communication between the IPv4 networks 

• Verify OSPF Neighbour and Topology Table 
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Configure OSPF Routing with backbone area and multiple connected areas on IPv4 Network 


CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

CHE (config) # ip routing 

CHE {config) # router ospf 1 

CHE (config-router) ft router-id 1.1. 1.1 

CHE (config-router) ff network 192.168.201.0 0.0.0.25S area 1 

CHE {config-router) # network 172.16.0.0 0.0.255.255 area 0 

CHE (config-router) # network 172.18.0.0 0.0.255.255 area 0 

CHE {config-router) # end 

CHE# 


HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # ip routing 

HYD-1 (config) # router ospf 2 

HYD-1 (config-router) # router-id 2.2.2.2 

HYD-1 (config-router) # network 192.168.202.0 0.255.255.255 area 0 
HYD-1 (config-router) # network 172.16.0.0 0.0.255.255 area 0 
HYD-1 (config-router) # network 172.17.0.0 0.0.255.255 area 0 
HYD-1 (config-router) # end 
HYD-1# 


BAN - Configuration 
BAN # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

BAN (config) # ip routing 

BAN (config) # router ospf 3 

BAN (config-router) # router-id 3.3.3.3 

BAN (config-router) # network 192.168.203.0 0.0.0.255 area 2 
BAN (config-router) # network 172.17.0.0 0.0.255.255 area 0 
BAN (config-router) # network 172.18.0.0 0.0.255.255 area 0 

BAN (config-router) # end 
BAN# 
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Verify OSPF - Multiple Area on IPv4 Network 

Once OSPF routing is enabled, IP networks learned through OSPF are added into the routing table. 
"IA" represents OSPF Inter Area route. 


C HE - Verification : 

CHE # show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, M2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 
ia - IS-IS inter area, * - candidate default, U - per-user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

0 172.17.0.0/16 [110/128] via 172.18.0.1, 00:00:50, Serial0/1 

[110/128] via 172.16.0.2, 00:00:50, Serial0/0 
C 172.16.0.0/16 is directly connected, Serial0/0 
C 172.18.0.0/16 is directly connected, Serial0/1 
C 192.168.201.0/24 is directly connected, FastEthernet0/0 
O 192.168.202.0/24 [110/64] via 172.16.0.2, 00:00:50, Serial0/0 
O IA 192.168.203.0/24 [110/64] via 172.18.0.1, 00:00:49, Serial0/1 
CHE# 


HYD-1- Verification : 

HYD-1 # show ip route 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 

o - ODR, P - periodic downloaded static route, + - replicated route 

Gateway of last resort is not set 

172,16 0.0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.16.0.0/16 is directly connected, SerialO/O/1 
L 172.16.0.2/32 is directly connected, SerialO/O/1 
172,17.0.0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.17.0.0/16 is directly connected, SerialO/O/O 
L 172.17.0.1/32 is directly connected, SerialO/O/O 
O 172.18.0.0/16 [110/128] via 172.17.0.2, 00:02:23, SerialO/O/O 

[110/128] via 172.16.0.1, 00:02:23, Seria 10/0/1 


CCNA Lab Manua 


Page 


115 


www.zoomgroup.com 


ZOOM 

TECHNOLOGIES 



0 I A 192.168.201.0/24 [110/64] via 172.16.0.1, 00:02:23, Serial0/0/l 
192,168.202,0/24 is variably subnetted, 2 subnets, 2 masks 
C 192.168,202.0/24 is directly connected, FastEthernet0/0 
L 192.168.202,1/32 is directly connected, FastEthernet0/0 
O I A 192.168.203.0/24 [110/64] via 172.17.0.2, 00:01:25, Seria 10/0/0 
HYD-1 # 


BAN - Verification: 


BAN # show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS4S 
ia - IS-IS inter area, * - candidate default, U - per user sta 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 172.17.0.0/16 is directly connected, SerialO/l 
0 172.16.0.0/16 [110/128] via 172.18.0.2, 00:02:02, Serial0/0 

[110/128] via 172.17.0.1, 00:02:02, Serial0/1 
C 172.18.0.0/16 is directly connected, Serial0/0 
O IA 192.168.201.0/24 [110/64] via 172.18.0.2, 00:02:02, Serial0/0 
O 192.168.202.0/24 [110/64] via 172.17.0.1, 00:02:02, Serial0/1 
C 192.168,203.0/24 is directly connected, FastEthernet0/0 
BAN# 


Verify communication between the IPv4 networks 


Verification from a Computer in HYD-1 Network 

ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10; icmp_seq=l ttl=62 time=24,0 ms 
64 bytes from 192.168.201.10: icmp_seq=2 ttl=62 time=24.Q ms 
64 bytes from 192,168.201.10: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.0 ms 
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PING 192,168.203.10 (192.168.203,10) 56(84) bytes of data, 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 


Repeat the above ping verification from a computer in CHE and BAN Network. 


From a Computer in HYD-1 Network trace communication path to a Computer in CHE Network 


tracert 192.168.201.10 (Windows) or traceroute 192.168,201.10 (Linux) 

traceroute to 192,168.201.10 {192.168.201.10), 30 hops max, 38 byte packets 

1 192.168.202.1 (192.168.202.1) 1,086 ms 1.124 ms 1.144 ms 

2 172.16.0,1 (172,16.0,1) 2.295ms 2.156ms 2.209ms 

3 192.168.201.10 (192.168.202.10) 3.295 ms 3.156 ms 3.209 ms 


From a Computer in HYD-1 Network trace communication path to a Computer in BAN Network 

tracert 192 , 168 , 203 , 10 (Windows) or traceroute 192.168.203.10 (Linux) 

traceroute to 192,168,203,10 (192,168.203,10), 30 hops max, 38 byte packets 

1 192.168.202.1 (192,168,202,1) 1.086ms 1,124ms 1.144ms 

2 172.17.0.2 (172.17.0,2) 2.295ms 2.156ms 2.209ms 

3 192.168.203,10 (192.168.203,10) 3.295 ms 3.156 ms 3.209 ms 


Repeat the above trace communication path from a computer in CHE and BAN Network. 
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Verify OSPF Neighbour and Database Table 


CHE - Verification: 


CHE # show ip ospf neighbor 


Neighbor ID Pri State Dead Time Address Interface 


2.22.2 

1 

FULL / - 

00:00:33 

172.16.0.2 

Serial0/0 


33.3.3 

1 

FULL/ - 

00:00:37 

172.18.0.1 

SerialO/l 


CHE# 







CHE # show ip ospf database 







OSPF Router with ID (1.1, 1.1) (Process ID 1) 




Router Link States (Area 0} 



Link ID 


ADV Router 

Age 

Seq# 

Checksum 

Link Ci 

1, 1.1,1 


1,1, 1.1 

56 

0x80000005 

0x385F 

4 

2. 2. 2.2 


22.2.2 

48 

0x80000005 

OxD3A9 

5 

3,3,33 


333.3 

46 

0x80000004 

0x87B 

4 



Summary Net Link States (Area 0) 


Link ID 


ADV Router 

Age 

Seq# 

Checksum 


192.168.201.0 


1.1. 1.1 

586 

0x80000001 

0x655 


192.168.203.0 


1.1. 1.1 

586 

0x80000001 

0x655 




Router Link States (Area 1} 



Link ID 


ADV Router 

Age 

Seq# 

Checksum 

Link ci 

1.1, 1.1 


1. 1.1.1 

596 

0x80000001 

0x4 B98 

1 



Summary Net Link States (Area 1) 


Link ID 


ADV Router 

Age 

Seq# 

Checksum 


192.168.202.0 


1. 1.1.1 

379 

0x80000001 

0x7312 


172.16.0.0 


l.l.l.l 

364 

0x80000004 

0x6070 


172.17.0.0 


l.l.l.l 

145 

0x80000003 

0xD8B7 


172.18.0.0 


l.l.l.l 

116 

0x80000004 

0x4886 


192.168.203.0 


l.l.l.l 

121 

0x80000001 

0x23FF 


CHE # 







HYD-1 - Verification: 





HYD-1 # show ip ospf neighbor 




Neighbor ID 

Pri 

State 

Dead Time 

Address 

Interface 


3.3.33 

0 

FULL/ - 

00:00:32 

172.17.0.2 

SerialQ/0/0 


1.1. 1.1 

0 

FULL/ - 

00:00:31 

172.16.0.1 

SerialQ/0/1 



HYD-1 # 
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HYD-1 # show ip ospf database 


OSPF Router with ID (2,2,2,2) {Process ID 2) 


Router Link States (Area 0} 


Link ID 

ADV Router 

Age 

Seq# 

Checksum 

Link count 

1.1X1 

1X1,1 

56 

0x80000005 

0x385F 

4 


2,2. 2,2 

2, 2,2. 2 

48 

0x80000005 

0xB3A9 

5 


33.3,3 

3.33.3 

46 

0x80000004 

0x87B 

4 



Summary Net Link States (Area 0) 


Link ID 

ADV Router 

Age 

Seq# 

Checksum 

192.168.201.0 

l.l.l.l 

586 

0x80000001 

0x655 

192.168.203.0 

33.3.3 

586 

0x80000001 

0x655 


HYD-1# 


BAN - Verification: 


BAN # show ip ospf neighbor 

Neighbor ID Pri State Dead Time Address Interface 

1.1.1.1 1 FULL/ - 00:00:39 172.18.0.2 Serial0/0 

2. 2. 2. 2 1 FULL/ - 00:00:33 172.17.0.1 Serial0/1 

BAN# 


BAN # show ip ospf database 


OSPF Router with ID (33.3.3) (Process ID 3) 


Router Link States (Area 0) 


Link ID 

ADV Router 

Age 

Seq# 

Checksum 

Link count 

l.l.l.l 

l.l.l.l 

56 

0x80000005 

0x385F 

4 


2. 2. 2. 2 

2. 2. 2. 2 

48 

0x80000005 

0xD3A9 

5 


3.3.33 

3333 

46 

0x80000004 

0x87B 

4 



Summary Net Link States (Area 0) 


Link ID 

ADV Router 

Age 

Seq# 

Checksum 

192.168.201.0 

l.l.l.l 

586 

0x80000001 

0x655 

192.168.203.0 

l.l.l.l 

586 

0x80000001 

0x655 
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Router Link States (Area 2) 


Link ID 

ADV Router 

Age 

Seq# 

Checksum 

Link count 

3.33.3 

3.33.3 

596 

0x80000001 

0x4B98 

1 

Link ID 

Summary Net Link States (Area 2} 

ADV Router Age Seq# 

Checksum 


192.168.202.0 

33.3.3 

379 

0x80000001 

0x7312 


172.16.0.0 

333.3 

364 

0x80000004 

0x6070 


172.17.0.0 

3333 

145 

0x80000003 

0xD8B7 


172.18.0.0 

3333 

116 

0x80000004 

0x4886 


192.168.203.0 

3333 

121 

0x80000001 

0x23FF 



BAN# 
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LAB 14: OSPFv3 ON IPv6 NETWORK 


OBJECTIVE: 

To configure OSPFv3 Routing in a single area. 


TOPOLOGY: 

Setup Ethernet and Serial connectivity for the lab as below: 



Fa 0/1 

2001:5555::1 


Fa 0/1 
2001:5555::2 




Fa 0/0 

2001 : 1111 ::! 


AREA0 


Fa 0/0 

2001 : 2222 ::! 




Fa 0/0 2001:1111 ::/64 

Fa 0/1 2001 :5555::/64 


Fa 0/0 2001 :2222::/64 

Fa 0/1 2001 :5555::/64 


Pre-requisite: WAN Interface configuration to be done on the router (LAB - 6) 

TASK: 

• Configure OSPFv3 on IPv6 network 

• Verify OSPFv3 on IPv6 network 

• Verify communication between the IPv6 networks 

• Verify OSPFvB Neighbor and Topology Table on IPv6 network 


CCNA Lab Manual 


Page 


121 


www.zoomgroup.com 








Configure 0SPFv3 on IPv6 Network 



ZOOM 


TECHNOLOGI E 


HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (eonfig) # ipv6 unicast-routing 

HYD-1 (eonfig) # ipv6 router ospf 2 

HYD-1 (config-rtr) # router-id 11.11.11.11 

HYD-1 (config-rtr) ft exit 

HYD-1 (eonfig) # interface fastethernet 0/0 

HYD-1 (config-if) # ipv6 ospf 2 area 0 

HYD-1 (config-if) # exit 

HYD-1 (eonfig) # interface fastethernet 0/1 

HYD-1 (config-if) # ipv6 ospf 2 area 0 

HYD-1 (config-if) # end 

HYD-1# 


HYD-2 - Configuration 
HYD-2 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-2 (eonfig) # ipv6 unicast-routing 

HYD-2 (eonfig) # ipv6 router ospf 2 

HYD-2 (config-rtr) # router-id 22.22.22.22 

HYD-2 (config-rtr) # exit 

HYD-2 (eonfig) # interface fastethernet 0/0 

HYD-2 (config-if) # Ipv6 ospf 2 area 0 

HYD-2 (config-if) # exit 

HYD-2 (eonfig) # interface fastethernet 0/1 

HYD-2 (config-if) # ipv6 ospf 2 area 0 

HYD-2 (config-if) # end 

HYD-2# 
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Verify 0SPFv3 on IPv6 Network 

Once OSPF routing is enabled, IPv6 Networks learnt via OSPF are added into the routing table. "O" 
represents OSPF route. 

HYD-l - Verification : 

HYD-1 # show ip route 

IPv6 Routing Table - default - 6 entries 

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route 
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP 
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery 
0 - OSPF Intra, 01 - OSPF Inter, 0E1 - OSPF ext 1, 0E2 - OSPF ext 2 
ONI - OSPF NSSA ext 1, 0N2 - OSPF NSSA ext 2 
C 2001:llll::/64 [0/0] 

via FastEthernetO/O, directly connected 
L 2001:1111::1/128 [0/0] 
via FastEthernetO/O, receive 
0 2001:2222 ::/64 [110/2] 

via FE80::21C:F6FF:FE85:1FA1, FastEthernetO/1 
C 2001:5555 ::/64 [0/0] 

via FastEthernetO/1, directly connected 
L 2001:5555::1/128 [0/0] 
via FastEthernetO/1, receive 
L FF00::/8 [0/0] 
via NullO, receive 
HYD-l# 

HYD-2- Verification : 

HYD-2 # show ipv6 route 

IPv6 Routing Table - default - 6 entries 

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route 
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP 
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery 
O - OSPF Intra, Ol - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 
ONI - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 
O 2001:llll::/64 [110/2] 

via FE80::21B:2AFF:FEA4:2FE9, FastEthernetO/1 
C 2001:2222::/64 [0/0] 

via FastEthernetO/O, directly connected 
L 2001:2222;:1/128 [0/0] 
via FastEthernetO/O, receive 
C 2001:5555 ::/64 [0/0] 

via FastEthernetO/l, directly connected 
L 2001:5555::2/128 [0/0] 
via FastEthernetO/1, receive 
L FF00::/8 [0/0] 
via NullO, receive 


HYD-2# 
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Verify communication between the IPv6 networks 


Verification from a Computer in HYP-1 Network 


ping 2001:2222::10 (Windows) or ping6 20Q1:2222::10 (Linux) 

PING 2001:2222::10(2001:2222::10) 56 data bytes 
64 bytes from 2001:2222::10: icmp_seq=l ttl=62 time=0.494 ms 
64 bytes from 2001:2222::10: icmp_seq=2 ttl=62 time=0.361 ms 
64 bytes from 2001:2222 : : 10: icmp_seq=3 ttl=62 time=0.335 ms 
64 bytes from 2001:2222::10: icmp_seq=4 ttl=62 time=0.336 ms 

Verification from a Computer in HYD-2 Network 


ping 2001:1111::10 (Windows) or ping6 2001:1111::10 (Linux) 

PING 2001:1111:: 10(2001: 1111:: 10) 56 data bytes 
64 bytes from 2001:1111::10: icmp_seq=l ttl=62 time=0.494 ms 
64 bytes from 2001:1111:;10: icmp_seq=2 ttl=62 time=0.361 ms 
64 bytes from 2001:1111::10: icmp_seq=3 ttl=62 time=0,335 ms 
64 bytes from 2001:1111::10: icmp_seq=4 ttl=62 time=0.336 ms 


From a Computer in HYD-1 Network trace communication path to a Computer in HYD-2 Network 

tracert 2001 : 2222 :: 10 (Windows) or traceroute6 2001 : 2222 :: 10 (Linux) 

traceroute to 2001 : 2222 :: 10 (2001 : 2222 :: 10} , 30 hops max, 80 byte packets 

1 2001:1111: : 1 (2001:1111: : 1 ) 2.825ms 3.239ms 3.665ms 

2 2001:5555: : 2 (2001 : 5555 :: 2} 9.086 ms 9.393 ms 9.642 ms 

3 2001 : 2222 :: 10 (2001 : 2222 :: 10 ) 9.781 ms 10.474 ms 10.720 ms 


From a Computer in HYD-2 Network trace communication path to a Computer in HYD-1 Network 


tracert 2001 : 1111 :: 10 (Windows) or traceroute6 2001 : 1111 :: 10 (Linux) 


traceroute to 
1 2001:2222 

2 2001:5555 

3 2001:1111 


2001 : 1111 : : 10 
: 1 ( 2001 : 2222 : 
: 1 (2001:5555: 
: 1 0 ( 2001:1111 


(2001 : 1111: : 10) , 30 hops 
: 1 ) 1.071 ms 1.152 ms 

: 1 ) 4 . 303 ms 4 , 930 ms 

: : ID) 10.832 ms 11.444 


max, 80 byte packets 
1.238 ms 
5.419 ms 
ms 11.541 ms 
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Verify OSPF Neighbour and Database Table on IPv6 Network 


HYD-l - Verification : 

HYD-l # show ipv6 ospf neighbor 

Neighbor ID Pri State Dead Time Interface ID Interface 

22.22.22.22 1 FULL/DR 00:00:34 4 FastEthernetO/1 

HYD-l# 


HYD-l # show ipv6 ospf database 


OSPFv3 Router with ID (11,11,11.11) (Process ID 2) 


Router Link States (Area 0) 


ADV Router 

Age 

Seq# Fragment ID 

Link count 

Bits 

11.11,11.11 

234 

0x80000002 

0 

1 

None 

22.22.22.22 

233 

0x80000002 

0 

1 

None 



Net Link States (Area 0) 



ADV Router 

Age 

Seq# 

Link ID 

Rtr count 


22 . 22 . 22.22 

233 

0x80000001 

4 

2 



HYD-2# 


HYD-2 - Verification : 

HYD-2 # show ipv6 ospf neighbor 

Neighbor ID Pri State Dead Time Interface ID Interface 

11.11.11.11 1 FULL/BDR 00:00:34 4 FastEthernetO/1 

HYD-2 # 


HYD-2 # show ipv6 ospf database 


OSPFv3 Router with ID (22.22.22.22) (Process ID 2) 


Router Link States (Area 0) 


ADV Router 

Age 

Seq# 

Fragment ID 

Link count 

Bits 

11.11.11.11 

234 

0x80000002 

0 

1 

None 

22.22.22.22 

233 

0x80000002 

0 

1 

None 



Net Link States (Area 0) 



ADV Router 

Age 

Seq# 

Link ID 

Rtr count 


22.22.22.22 

233 

0x80000001 

4 

2 



HYD-2# 
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LAB 15: EIGRP ON IPv4 network 


OBJECTIVE: 

To configure EIGRP for communicating between different IPv4 networks on different routers. 
To understand how EIGRP works and fine tune EIGRP configuration. 


TOPOLOGY: 

Setup Ethernet and Serial connectivity for the lab as below : 


ton* 


5 0/1 

172,18.0,2 


Fa 0/0 
192.168,201.1 



SO 
172.16,0,1 





Fa 0/0 
S 0/0 
S 0/1 


192.168.201.0/24 

172.16.0. 0/16 

172.18.0. 0/16 


AS 100 


S O/O/l 
172.16.02 



S O/O/O 
172,17.0.1 


in 

u. 





M *- 


Fa 0/0 
5 0/0/0 
S 0/0/1 


192,168.202,0/24 

172.17.0. 0/16 

172.16.0. 0/16 


SD/D 

172.18.0.1 



SO/1 
172.17.0.2 


Fa 0/0 

192.168.203.1 


—* 

L 


Fa 0/D 


pc , 




192.168.202,1 









Fa 0/0 

192.168.203.0/24 


S 0/0 
S 0/1 


172.18.0. 0/16 

172.17.0. 0/16 


Pre-requisite: WAN Interface configuration to be done on the router (LAB - 6) 


TASK: 

• Configure EIGRP Routing on IPv4 network 

• Verify EIGRP Routing on IPv4 network 

• Verify Communication between the IPv4 networks 

• Verify EIGRP Neighbour and Topology Table on IPv4 networks 

• Verify EIGRP protocol default settings 

• Verify EIGRP Packets 

• Enable Passive Interface on EIGRP 

• Verify interfaces configured for EIGRP 
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Configure EIGRP Routing on IPv4 network 


CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

CHE {config) # ip routing 

CHE (config) # router eigrp 100 

CHE {config-router) tt network 192.168.201.0 0.0.0.255 
CHE (config-router) tt network 172.16.0.0 0.0.255.255 
CHE (config-router) tt network 172.18.0.0 0.0.255.255 

CHE (config-router) tt end 
CHE# 

HYD-1 - Configuration 
HYD-1 tt configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-1 (config) tt ip routing 
HYD-1 (config) # router eigrp 100 

HYD-1 (config-router) tt network 192.168.202.0 0.0.0.255 
HYD-1 (config-router) # network 172.16.0.0 0.0.255.255 
HYD-1 (config-router) # network 172.17.0.0 0.0.255.255 
HYD-1 (config-router) tt end 
HYD-1# 

BAN - Configuration 
BAN # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

BAN (config) # ip routing 

BAN (config) # router eigrp 100 

BAN (config-router) # network 192.168.203.0 0.0.0.255 
BAN (config-router) # network 172.17.0.0 0.0.255.255 
BAN (config-router) # network 172.18.0.0 0.0.255.255 
BAN (config-router) # end 
BAN# 
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Verify EIGRP Routing 

Once EIGRP routing is enabled, IPv4 Networks learnt via EIGRP are added into the routing table. "D" 

represents EIGRP route. 

CHE - Verification : 

CHE # show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, LI - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 
* - candidate default, U - per-user static route, o - ODR 
P - periodic downloaded static route 

Gateway of last resort is not set 


D 172.17.0.0/16 [90/2681856] via 172.16.0.2, 00:02:18, SerialO/O 

[90/2681856] via 172.18.0.1, 00:02:18, SerialO/1 
C 172.16,0.0/16 is directly connected, SerialO/O 
C 172.18.0.0/16 is directly connected, SerialO/1 
C 192.168.201.0/24 is directly connected, FastEthernetO/O 
D 192.168.202.0/24 [90/2172416] via 172.16.0.2, 00:02:18, SerialO/O 
D 192.168.203.0/24 [90/2172416] via 172.18.0.1, 00:02:18, SerialO/1 
CHE # 


HYD-1- Verification: 


HYD-1 # show ip route 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
El - OSPF external type 1, E2 - OSPF external type 2 
ia - IS-IS inter area, * - candidate default, U - per-user static route 
o - ODR, P - periodic downloaded static route, H - NHRP, I - LISP 
+ - replicated route, % - next hop override 

Gateway of last resort is not set 

172.16.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.16.0.0/16 is directly connected, SerialO/O/l 

L 172.16.0.2/32 is directly connected, SerialO/O/1 

172.17.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.17.0.0/16 is directly connected, Serial0/0/0 

L 172.17.0.1/32 is directly connected, Serial0/0/0 
D 172.18.0.0/16 [90/2681856] via 172.17.0.2, 00:02:53, Serial0/0/0 

[90/2681856] via 172.16.0.1, 00:02:53, Serial0/0/l 
D 192.168.201.0/24 [90/2172416] via 172.16.0.1, 00:02:48, Serial0/0/l 
192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks 
C 192.168.202.0/24 is directly connected, FastEthernet0/0 
L 192.168.202.1/32 is directly connected, FastEthernet0/0 
D 192.168.203.0/24 [90/2172416] via 172.17.0.2, 00:02:50, Serial0/0/0 
HYD-1# 
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BAN - Verification : 

BAN # show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 
ia - IS-IS inter area, * - candidate default, U - per user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 172.17.0.0/16 is directly connected, Serial0/1 
D 172.16.0.0/16 [90/2681856] via 172.17.0.1, 00:03:17, Serial0/1 

[90/2681856] via 172,18.0.2, 00:03:17, Serial0/0 
C 172.18.0.0/16 is directly connected, Serial0/0 
D 192.168.201.0/24 [90/2172416] via 172.18.0.2, 00:03:17, Serial0/0 
D 192.168.202.0/24 [90/2172416] via 172.17.0.1, 00:03:17, Serial0/1 
C 192.168.203.0/24 is directly connected, FastEthernet0/0 
BAN# 


Verify communication between the IPv4 networks 


Verification from a Computer in HYD-1 Network 

ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10: icmp_seq=l ttl=62 tirne=24.0 ms 
64 bytes from 192.168.201.10: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24,l ms 
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.203.10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 

Repeat the above ping verification from a computer in CHE and BAN Network. 




From a Computer in HYD-1 Network trace communication path to a Computer in CHE Network 


tracert 192.168.201.10 (Windows) or traceroute 192.168,201,10 (Linux) 

traceroute to 192.168*201*10 (192*168*201*10), 30 hops max, 33 byte packets 

1 192.168.202.1 (192.168.202.1) 1*086 ms 1.124 ms 1.144 ms 

2 172,16.0,1 (172,16.0,1) 2.295 ms 2.156 ms 2.209 ms 

3 192*168*201*10 (192. 168.202. 10) 3*295 ms 3*156 ms 3*209 ms 


From a Computer in HYD-1 Network trace communication path to a Computer in BAN Network 


tracert 192*168*203*10 (Windows) or traceroute 192*168.203.10 (Linux) 

traceroute to 192,168.203,10 (192.168.203.10) ^ 30 hops max, 38 byte packets 

1 192*168*202*1 (192*168*202*1) 1*086 ms 1*124 ms 1*144 ms 

2 172*17.0*2 (172*17.0*2) 2.295 ms 2,156 ms 2.209 ms 

3 192,168,203,10 (192,168,203,10) 3*295 ms 3*156 ms 3.209ms 


Repeat the above trace communication path from a computer in CHE and BAN Network. 


Verify EIGRP Neighbour and Topology Table on IPv4 Network 


CHE - Verification : 

CHE # show ip eigrp neighbor 

I P-EIGRP neighbors for process 100 


H 

Address 

Interface 

(sec) 

Hold 

(ms) 

Uptime 

SRTT 

RTO 

Cnt 

Q 

Num 

Seq 

Type 

1 

172.18.0.1 

SeO/1 

13 

00:02:22 

28 

200 

0 

6 


0 

172.16.0.2 

Se0/0 

11 

00:03:29 

27 

200 

0 

10 



CHE# 


CHE # show ip eigrp topology 

I P-EIGRP Topology Table for AS(10)/ID( 192. 168.201.1) 

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, 
r - Reply status 

P 192.168,201.0/24, 1 successors, FD is 281600 
via Connected, FastEthernetO/0 
P 192.168.202.0/24, 1 successors, FD is 2172416 
via 172.16.0.2 (2172416/28160), SerialO/O 
P 192.168.203,0/24, 1 successors, FD is 2172416 
via 172.18.0.1 (2172416/28160), Serial0/1 
P 172.16.0.0/16, 1 successors, FD is 2169856 
via Connected, Serial0/0 
P 172.17.0.0/16, 2 successors, FD is 2681856 

via 172.18.0.1 (2681856/2169856), SerialO/1 
via 172.16.0.2 (2681856/2169856), Serial0/0 
P 172.18.0.0/16, 1 successors, FD is 2169856 
via Connected, Serial0/1 
CHE# 
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HYD-1 - Verification : 

HYD-1 # show ip eigrp neighbor 
EIGRP-IPv4 Neighbors forAS(lOO) 


H 

Address 

Interface 

(sec) 

Hold 

Uptime 

(ms) 

SRTT 

RTO 

Cnt 

Q 

Num 

Seq 

Type 

1 

172.16.0.1 

Se0/0/l 

13 

01:06:11 

28 

200 

0 

7 


0 

172.17.0.2 

SeO/0/0 

14 

01:09:47 

26 

200 

0 

10 



HYD-1# 


HYD-1 # show ip eigrp topology 

EIGRP-IPV4 Topology Table for AS(100)/ID(192.168.202.1) 
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, 
r - reply Status, s - sia Status 


P 192.168.203.0/24, 1 successors, FD is 2172416 
via 172.17.0.2 (2172416/28160), SerialO/O/O 
P 172.16.0.0/16, 1 successors, FD is 2169856 
via Connected, Serial0/0/1 
P 172.18.0.0/16, 2 successors, FD is 2681856 

via 172.16.0.1 (2681856/2169856), Serial0/0/l 
via 172.17.0.2 (2681856/2169856), SerialO/0/0 
P 172.17.0.0/16, 1 successors, FD is 2169856 
via Connected, Serial0/0/0 
P 192.168.201.0/24, 1 successors, FD is 2195456 
via 172.16.0.1 (2195456/281600), Serial0/0/l 
P 192.168.202.0/24, 1 successors, FD is 28160 
via Connected, FastEthernetO/O 
HYD-1# 


BAN - Verification: 


BAN # show ip eigrp neighbor 

IP-EIGRP neighbors for process 100 


H 

Address 

Interface 

(sec) 

Hold 

Uptime 

(ms) 

SRTT 

RTO 

Cnt 

Q 

Num 

Seq 

Type 

i 

172.17.0.1 

Se0/1 

13 

00:00:53 

69 

200 

0 

11 


0 

172.18.0.2 

Se0/0 

13 

00:01:02 

411 

2466 

0 

12 



BAN# 


BAN # show ip eigrp topology 

IP-EIGRP Topology Table for AS(100)/ID(192. 168.203.1) 

Codes: P - Passive, A- Active, U - Update, Q- Query, R - Reply, 
r - reply Status, s - sia Status 

P 192.168.201.0/24, 1 successors, FD is 2195456 
via 172.18.0.2 (2172416/28160), Serial0/0 
P 192.168.202.0/24, 1 successors, FD is 2172416 
via 172.17.0.1 (2172416/28160), SerialO/1 
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P 192. 168.203. 0/24, 1 successors, FD is 28160 
via Connected, FastEthernetO/O 
P 172.16.0.0/16, 2 successors, FD is 2681856 

via 172,18.0.2 (2681856/2169856), Serial0/0 
via 172.17.0.1 (2681856/2169856), Serial0/1 
P 172,17.0.0/16, 1 successors, FD is 2169856 
via Connected, Serial0/1 
P 172.18.0.0/16, 1 successors, FD is 2169856 
via Connected, Serial0/0 
BAN# 


Verify EIGRP protocol default settings 

Example - HYD-1 

HYD-1 # show ip protocols 

Routing Protocol is "eigrp 100" 

Outgoing update filter list for all interfaces is not set 
Incoming update filter list for all interfaces is not set 
Default networks flagged in outgoing updates 
Default networks accepted from incoming updates 
EIGRP-IPv4 Protocol for AS(100) 

Metric weight Kl=l, K2=0, K3=l, K4=0, K5=0 
NSF-aware route hold timer is 240 
Router-ID: 192.168.202.1 
Topology : 0 (base) 

Active Timer: 3 min 
Distance: internal 90 external 170 
Maximum path: 4 
Maximum hopcount 100 
Maximum metric variance 1 
Automatic Summarization: Enabled 
Maximum path: 4 
Routing for Networks: 

172.16.0. 0 

172.17.0. 0 
192.168.202.0 

Routing Information Sources: 

Gateway Distance Last Update 

172.16.0. 1 90 00:00:41 

172.17.0. 2 90 00:00:41 

Distance: internal 90 external 170 

R2# 
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Verify EIGRP Packets 

Verify default behaviour of EIGRP Hello / Update packets by enabling debug commands 


Example - HYD-1 

HYD-1 # terminal monitor 
HYD-1 # debug eigrp packet 

(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY) 
EIGRP Packet debugging is on 

*Jul 21 17:57:04.245: EIGRP: Packet from ourselves ignored 
*Jul 21 17:57:04.861: EIGRP: Sending HELLO on Serial0/0/0 

*Jul 21 17:57:04.861: AS 100, Flags 0x0:(l\IULL}, Seq 0/0 interfaceQO/O iidbQ un/rely 0/0 
*Jul 21 17:57:04.909: EIGRP: Sending HELLO on SerialO/O/1 

*Jul 21 17:57:04.909: AS 100, Flags OxO:(NULL}, Seq 0/0 interfaceQO/O iidbQ un/rely 0/0 
*Jul 21 17:57:04.917: EIGRP: Received HELLO on SerialO/O/1 nbr 172.16.0.1 
*Jul 21 17:57:04.917: AS 100, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ 
un/rely 0/0 

*Jul 21 17:57:05.621: EIGRP: Received HELLO on Serial0/0/0 nbr 172.17.0.2 

*Jul 21 17:57:05.621: AS 100, Flags 0x0;(NULL), Seq 0/0 interfaceQO/O iidbQ un/rely 0/0 peerQ 

un/rely 0/0 

*Jul 21 17:57:05.793: EIGRP: Received HELLO on FastEthernetO/O nbr 192.168.203.1 
*Jul 21 17:57:05.793: AS 100, Flags OxO:(NULL}, Seq 0/0 interfaceQO/O 
*Jul 21 17:57:05.793: EIGRP-IPv4(10}: Neighbor 192.168.203.1 not on common subnet for 
Gigabit EthernetO/O 

*Jul 21 17:57:06.949: EIGRP: Received HELLO on FastEthernetO/O nbr 192.168.202.1 
*Jul 21 17:57:06.949: AS 100, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 
*Jul 21 17:57:07.317: EIGRP: Sending HELLO on Loopbackl 

*Jul 21 17:57:07.317: AS 100, Flags 0x0:(IMULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 
*Jul 21 17:57:07.317: AS 100, Flags OxO:(NULL), Seq 0/0 interfaceQ 0/0 
*Jul 21 17:57:07.317: EIGRP: Packet from ourselves ignored 
*Jul 21 17:57:07.409: EIGRP: Sending HELLO on FastEthernetO/O 

*Jul 21 17:57:07.409: AS 100, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 


<output omitted> 


*Jul 21 17:57:12.109: EIGRP: Packet from ourselves ignored 
*Jul 21 17:57:12.201: EIGRP: Sending HELLO on FastEthernetO/O 

*Jul 21 17:57:12.201: AS 100, Flags OxO:(NULL), Seq 0/0 interfaceQO/O iidbQ un/rely 0/0 

HYD-1 # undebug all 
HYD-1 # terminal no monitor 
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Enabling Passive Interface on EIGRP 

To disable sending of EIGRP hello / updates packet on selected Interface, (i.e. Ethernet Interface) we 
use the passive interface command. 

Example - HYD-1 
HYD-1# configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # router eigrp 100 

HYD-1 (config-router) # passive-interface FastEthernetO/O 
HYD-1 (config-router) # end 

HYD-1 - Verification : 

HYD-1 # show ip protocols 

Routing Protocol is "eigrp 100" 

Outgoing update filter list for all interfaces is not set 
Incoming update filter list for all interfaces is not set 
EIGRP-IPv4 Protocol for AS(100) 

Metric weight Kl=l, K2=0, K3=l, K4=0, K5=0 
NSF-aware route hold timer is 240 
Router-1 D: 192.168.202.1 
Topology : 0 (base) 

Distance: internal 90 external 170 
Maximum path: 4 
Maximum hopcount 100 
Maximum metric variance 1 
Automatic Summarization: Enabled 
Maximum path: 4 
Routing for Networks: 

172.16.0. 0 

172.17.0. 0 
192.168.202.0 

Passive Interface(s): 

FastEthernet0/0 
Routing Information Sources: 

Gateway Distance Last Update 

172.16.0. 1 90 00:00:41 

172.17.0. 2 90 00:00:41 

Distance: internal 90 external 170 

R2# 

After enabling passive interface, again verify the behaviour of EIGRP Hello / Update packets by 
enabling debug commands. Now you will not see the following line in the debug outputs. 

EIGRP: Sending HELLO on FastEthernetO/O 

This means you have successfully disabled sending of EIGRP hello / updates packet on selected 


Interface. 
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Example - HYD-1 
HYD-1# configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-1 (config) # router eigrp 100 
HYD-1 (config-router) # eigrp router-id 2.2.2. 2 
HYD-1 (config-router) # end 


HYD-1 -Verification : 

HYD-1 # show ip eigrp topology 

EIGRP-IPv4 Topology Table for AS(100)/I D(2. 2 .2.2) 

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, 
r - reply Status, s - sia Status 

P 192.168.203.0/24, 1 successors, FD is 2172416 
via 172.17.0.2 (2172416/28160), Serial0/0/0 
P 172.16.0.0/16, 1 successors, FD is 2169856 
via Connected, Serial0/0/1 
P 172.18.0.0/16, 2 successors, FD is 2681856 

via 172.16.0.1 (2681856/2169856), Serial0/0/l 
via 172.17.0.2 (2681856/2169856), Serial0/0/0 
P 172.17.0.0/16, 1 successors, FD is 2169856 
via Connected, Serial0/0/0 
P 192.168.201.0/24, 1 successors, FD is 2195456 
via 172.16.0.1 (2195456/281600), Serial0/0/l 
P 192.168.202.0/24, 1 successors, FD is 28160 
via Connected, FastEthernetO/O 
HYD-1# 


Verify interfaces configured for EIGRP 


HYD-1 # show ip eigrp interfaces 


Multicast Pending 
Flow Timer Routes 

2431 0 

155 0 

0 0 

HYD-1# 


EIGRP-IPv4 Interfaces for AS(100) 


Interface 

Peers 

Xmit Queue 
Un/Reliable 

Mean 

SRTT 

Pacing Time 
Un/Reliable 

Se0/0/l 

1 

0/0 

487 

0/15 

Se0/0/0 

1 

0/0 

32 

0/15 

Fa0/0 

0 

0/0 

0 

0/1 
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LAB 16: EIGRPV6 ON IPv6 NETWORK 


OBJECTIVE: 

To configure EIGRPv6 routing for communicating between different IPv6 networks on different 
routers. 


TOPOLOGY: 

Setup Ethernet connectivity for the lab as below : 



Fa 0/1 

2001 : 5555: : 1 


AS 100 


Fa 0/1 
2001:5555::2 



Fa 0/0 

2001 : 1 1ll : :1 


Fa 0/0 
20 Q 1 : 2222::1 



jWJI 










Fa 0/0 

2001:2222::/64 




Fa 0/0 

2001:1111::/64 


Fa 0/1 2001 :5555::/64 


Fa 0/1 2001:5555::/64 


Pre-requisite: WAN Interface configuration to be done on the router (LAB - 7) 


TASK: 

• Configure EIGRPv6 on IPv6 Network 

• Verify EIGRPv6 on IPv6 Network 

• Verify Communication between the IPv6 networks 

• Verify EIGRP Neighbour and Topology Table on IPv6 networks 
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HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # ipv6 unicast-routing 

HYD-1 (config) # ipv6 router eigrp 100 

HYD-1 (config-rtr) # eigrp router-id 11.11.11.11 

HYD-1 (config-rtr) # exit 

HYD-1 (config) # interface fastethernet 0/0 

HYD-1 (config-if) # ipv6 eigrp 100 

HYD-1 (config-if) # exit 

HYD-1 (config) # interface fastethernet 0/1 

HYD-1 (config-if) # ipv6 eigrp 100 

HYD-1 (config-if) # end 

HYD-1# 


HYD-2 - Configuration 
HYD-2 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-2 (config) # ipv6 unicast-routing 

HYD-2 (config) # ipv6 router eigrp 100 

HYD-2 (config-rtr) # eigrp router-id 22.22.22.22 

HYD-2 (config-rtr) # exit 

HYD-2 (config) # interface fastethernet 0/0 

HYD-2 (config-if) # ipv6 eigrp 100 

HYD-2 (config-if) # exit 

HYD-2 (config) # interface fastethernet 0/1 

HYD-2 (config-if) # ipv6 eigrp 100 

HYD-2 (config-if) # end 

HYD-2# 
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Verify EIGRPv6 on IPv6 Network 

Once EIGRP routing is enabled, IPv6 Networks learnt via EIGRP are added into the routing table. "D" 
represents EIGRP route, 

HYD-1 - Verification : 

HYD-1 # show ip route 

IPv6 Routing Table - default - 6 entries 

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route 
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP 
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery 
0 - OSPF Intra, 01 - OSPF Inter, 0E1 - OSPF ext 1, 0E2 - OSPF ext 2 
ONI - OSPF NSSA ext 1, 0N2 - OSPF NSSA ext 2 
C 2001:llll::/64 [0/0] 

via FastEthernetO/O, directly connected 
L 2001:1111::1/128 [0/0] 
via FastEthernetO/O, receive 
D 2001:2222::/64 [90/30720] 

via FE80::21C:F6FF:FE85:1FA1, FastEthernetO/1 
C 2001:5555 ::/64 [0/0] 

via FastEthernetO/1, directly connected 
L 2001:5555::1/128 [0/0] 
via FastEthernetO/1, receive 
L FF00::/8 [0/0] 
via NullO, receive 
HYD-1# 

HYD-2- Verification : 

HYD-2 # show ipv6 route 

IPv6 Routing Table - default - 6 entries 

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route 
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP 
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery 
O - OSPF Intra, Ol - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 
ONI - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 
D 2001:llll:;/64 [90/30720] 

via FE80::21B:2AFF:FEA4:2FE9, FastEthernetO/1 
C 2001:2222::/64 [0/0] 

via FastEthernetO/O, directly connected 
L 2001:2222::1/128 [0/0] 
via FastEthernetO/O, receive 
C 2001:5555 ::/64 [0/0] 

via FastEthernetO/l, directly connected 
L 2001:5555::2/128 [0/0] 
via FastEthernetO/l, receive 
L FF00::/8 [0/0] 
via NullO, receive 


HYD-2# 
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Verify communication between the IPv6 networks 


Verification from a Computer in HYP-1 Network 


ping 2001:2222::10 (Windows) or ping6 20Q1:2222::10 (Linux) 

PING 2001:2222::10(2001:2222::10) 56 data bytes 
64 bytes from 2001:2222::10: icmp_seq=l ttl=62 time=0.494 ms 
64 bytes from 2001:2222:: 10: icmp_seq=2 ttl=62 time=0.361 ms 
64 bytes from 2001:2222::10: icmp_seq=3 ttl=62 time=0.335 ms 
64 bytes from 2001:2222::10: icmp_seq=4 ttl=62 time=0.336 ms 

Verification from a Computer in HYD-2 Network 


ping 2001:1111::10 (Windows) or ping6 2001:1111::10 (Linux) 


PING 2001:1111:: 10(2001:1 111:: 10) 56 data bytes 
64 bytes from 2001:1111::10: icmp_seq=l ttl=62 time=0.494 ms 
64 bytes from 2001:1111::10: icmp_seq=2 ttl=62 time=0.361 ms 
64 bytes from 2001:1111::10: icmp_seq=3 ttl=62 time=0,335 ms 
64 bytes from 2001:1111::10: icmp_seq=4 ttl=62 time=0.336 ms 

From a Computer in HYD-1 Network trace communication path to a Computer in HYD-2 Network 

traeert 2001 : 2222 :: 10 (Windows) or traceroute6 2001 : 2222 :: 10 (Linux) 

traceroute to 2001 : 2222 :: 10 (2001 : 2222 :: 10) , 30 hops max, 80 byte packets 

1 2001:1111: : 1 (2001:1111::!} 2.825ms 3.239ms 3.665ms 

2 2001:5555: : 2 (2001 : 5555 : : 2 ) 9.086 ms 9,393 ms 9.642 ms 

3 2001 : 2222 :: 10 (2001 : 2222 :: 10 ) 9.781 ms 10.474 ms 10.720 ms 


From a Computer in HYD-2 Network trace communication path to a Computer in HYD-1 Network 


traeert 2001 : 1111 10 (Windows) or traceroute6 2001 : 1111 :: 10 (Linux) 


traceroute to 
1 2001:2222 

2 2001:5555 

3 2001:1111 


2001 : 1111 : : 10 
: 1 ( 2001 : 2222 : 
: 1 (2001:5555: 
: 1 0 ( 2001:1111 


(2001 : 1111 : : 10} , 30 hops 
: 1 } 1.071 ms 1,152 ms 

: 1 ) 4 . 303 ms 4 , 930 ms 

: : ID) 10.832 ms 11.444 


max, 80 byte packets 
1.238 ms 
5.419 ms 
ms 11,541 ms 
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Verify EIGRP Neighbour and Topology Table on IPv6 Network 


HYD-l - Verification : 

HYD-1 it show ip eigrp neighbour 


EIGRP-IPv6 Neighbors for AS(100) 

H Address Interface 

Hold 

Uptime SRTT 

RTO 

Q 

Seq 

Type 

(sec) 

(ms) 


Cnt 

IMum 



0 Link-local address: FaO/1 

13 

00:07:01 7 

200 

0 

6 


FE80::21C:F6FF:FE85:1FA1 








HYD-l# 


HYD-1 # show ipvG eigrp topology 

EIGRP-IPv6 Topology Table for AS(100)/ID(11. 11.11.11) 

Codes: P - Passive, A - Active, U - Update, Q- Query, R - Reply, 
r - reply Status, s - sia Status 


P 2001:2222-/64, 2 successors, FD is 30720 

via FE80::21C:F6FF:FE85:1FA1 (30720/28160), FastEthernetO/1 
P 2001:llll::/64, 1 successors, FD is 28160 
via Connected, FastEthemetO/0 
P 2001:5555::/64, 1 successors, FD is 28160 
via Connected, FastEthemetO/1 
HYD-1# 


HYD-2 - Verification: 


HYD-2 # show ip eigrp neighbors 


EIGRP-IPv6 Neighbors forAS(lOO) 

H Address Interface Hold 

Uptime SRTT 

RTO 

Q 

Seq 

Type 

(sec) (ms) 


Cnt 

Num 



0 Link-local address: FaO/1 13 

00:07:01 7 

200 

0 

6 


FE80::21B:2AFF:FEA4:2FE9 







HYD-1# 


HYD-2 # show ipvG eigrp topology 

EIGRP-IPV6 Topology Table for AS(100)/ID(22. 22.22.22) 

Codes: P - Passive, A - Active, U - Update, Q- Query, R - Reply, 
r - reply Status, s - sia Status 
P 2001:2222-/64, 1 successors, FD is 28160 
via Connected, FastEthernet0/0 
P 2001:llll::/64, 2 successors, FD is 30720 

via FE80::21B:2AFF:FEA4:2FE9 (30720/28160), FastEthemetO/l 
P 2001:5555-/64, 1 successors, FD is 28160 
via Connected, FastEthernetO/l 
HYD-2# 
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LAB 17: SYSLOG 


OBJECTIVE: 

To configure Logging on router and sending logs to a syslog server. 

TOPOLOGY: 

Setup Ethernet connectivity for the lab as below : 



F0/0 


192.168.202.1/24 




Computer IP Address 
192.168.202.10/24 

Pre-requisite: 192.168.202.10 computer should have Syslog server software installed and 
running. 


TASK: 

• Configure logging to Syslog Server 

• Configure logging to Buffer 

• Generate and Verify Syslog Messages 
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Configure Logging to Syslog Server 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # logging on 

HYD-1 (config) # logging host 192.168.202,10 

HYD-1 (config) # logging trap 7 

HYD-1 (config) # exit 

HYD-1# 


Configure Logging to Buffer 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # logging on 
HYD-1 (config) # logging buffered 7 
HYD-1 (config) # exit 
HYD-1# 

Generate and Verify Syslog Messages 

HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # interface serial 0/0/0 
HYD-1 (config-if) # shutdown 
HYD-1 (config-if) # no shutdown 
HYD-1 (config-if) # end 
HYD-1# 

HYD-1 - Verification: 

HYD-1 # show logging 

Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns) 

No Active Message Discriminator. 

No Inactive Message Discriminator. 

Console logging: disabled 

Monitor logging: level debugging, 0 messages logged, xml disabled, 


filtering disabled 


Buffer logging: level debugging, 7 messages logged, xml disabled, 
filtering disabled 

Exception Logging: size (4096 bytes) 

Count and timestamp logging messages: disabled 
Persistent logging: disabled 
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No active filter modules. 

Trap logging: level informational, 45 message lines logged 
Logging to 192.168.202.10 (udp port 514, audit disabled, link up), 
9 message lines logged, 

0 message lines rate-limited, 

0 message lines dropped-by-MD, 
xml disabled, sequence number disabled 
filtering disabled 


Log Buffer {4096 bytes): 


Mul 28 11:51:26.447: %SY5-5-COINFIG_l: Configured from console by console 

*Jul 28 11:52:11.563: %LINK-5-CHAI\IGED: Interface 5erial0/0/0, changed state to administratively 

down 

*Jul 28 11:52:11.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed 
state to dn 

*Jul 28 11:52:28.639: %SYS-5-CONFIG_l: Configured from console by console 

*Jul 28 11:52:29.487: %LINK-3-UPDOWN: Interface Serial0/0/0, changed state to up 

CHE# 


Verification on Syslog Server f PC) : 

Start Syslog software to view the syslog's messages as below : 


Tftpd32 by Pk iounin 


Current 0 ieetoiy | C: ^Program FU&s'sTftpcOZ 

S«™ interlace 1 1 3E-1 69. 2GE.1 0 NVIDIA nPoice Networking Cwl^ler 

Tftp Swvci | Tflp CleriL | DHCP server Sydlog ■garvei j Log -viewer | 


3 


firowse 


Short Dji 




I* cm 


<189>43 -Jan 1 00:27:1 1 955: £SY5-5-C0NFlG I: Configured from console by viyOU 02. 16S.202.10) 192.163.202.1 

<190>49 "Aug 12 16.00:00.000. %SYS '6'CLO CK.UFDAT E : System clock has been upd^ed fmm 0627.31 UTC SatJrnl 20D0to 16:QQ00UTD FiLAug122. . 132.168.202.1 
<103>5tt Aug 12 16:0334 343: 3SYS-5-CQNFIGJ: Configured km console by vlyC 1132.1 6S 202. 10] 132,163202.1 

<1 B7>51. Aug 12 16:0319.235: ^LINK.-3-UFCOWN Interface SerialO/OVO. changed sidle Sow 192.168 202.1 

<1 03>52 Aug 12 16:0320.235: ^LINEPRQTO-B.UPDOWN: Lme pmtocd on Interface SeiialIMM), charged state to up 192.168202.1 


12706 16:5333,. 
12700 1 6:56 23... 
1270616:5327 
12706 16:58.42.. 
1270916:5942.. 


r 

: 


Cow 


About 


Soilings 
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LAB 18: NTP 


OBJECTIVE: 

To configure router as NTP Client, for time synchronization with NTP server, 

TOPOLOGY: 

Setup Ethernet connectivity for the lab as below : 


so/o 






INTERNET 



Fa 0/0 
192.168.201.1 





p 1 






m 






I'HTrkTJ 

Fa 0/0 

192.168.201.0/24 


TASK: 

• Configure Date and Time - Manual 

• Verify Current Date and Time 

• Configure Router as NTP client 

• Verify Date and time via NTP 
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Configure Date and Time - Manual 

CHE — Configuration 

CHE # clock set 13:36:30 10 Jan 2001 

Verify Current Date and Time 

C HE - Verification: 

CHE # show clock 

13:36:32,055 UTC Wed Jan 10 2001 

Configure Router as NTP client 


CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
CHE (config) # ntp server 8.8.8.S 
CHE {config) # exit 
CHE# 


Verify Date and time via NTP 

CHE - Verification: 

CHE # show clock 

13:39:21.604 UTC Tue Aug 16 2016 

CHE # show ntp status 

Clock is synchronized, stratum 4, reference is 8. 8. 8.8 

nominal freq is 249.5901 Hz, actual freq is 249.5901 Hz, precision is 2* **18 

reference time is DB5D96BC.5E7B415C (13:42:20.369 UTC Tue Aug 16 2016) 

clock offset is 1.4590 msec, root delay is 32.53 msec 

root dispersion is 3878.63 msec, peer dispersion is 3876.77 msec 

CHE # show ntp associations 

address ref clock st when poll reach delay offset disp 
*~8.8.8.8 127.127.1.1 3 17 64 7 32.5 1.46 3876.8 

* master (synced), # master (unsynced), + selected, - candidate, ~ configured 


CHE # 
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LAB 19: INITIAL CONFIGURATION OF SWITCH 


OBJECTIVE: 

To get familiar with Cisco Switch 105 modes and configure a New Switch with basic configuration i.e, 
assigning management IP address to the switch and configure passwords etc. 


TOPOLOGY: 

Setup console and ethernet connectivity for the lab as below : 


r Console 


Switch 


Vlan 1 S 

192.168.20.50/24^ 

\ 

\ 
l 
I 
I 
/ 

/ 

/ 

/ 

✓ 


Computer IP Address 
192.168.20.10 

TASK: 

• Establish console connectivity 

• Access switch via console with an emulation software 

• Get familiar with Cisco Switch IOS Modes and Show commands 

• Configure Hostname and VLAN 1 Interface IP address 

• Configure Connectivity Passwords 

• Configure Privilege Mode / Enable Password 

• Save configuration on the switch 

• Access the Switch via Telnet 
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Establish console connectivity 

Establish console connectivity by connecting switch console port to PC Com Port with console cable. 


Access switch via console with an emulation software 

Configure the following parameters in emulation software for accessing switch via console port. 




Baud 

9600 


Data bits 8 


Parity 

None 

Stop bits 

1 


Accessing switch via console from Microsoft Windows Computer 

• Start a terminal emulator application, such as PUTTY.exe 

• Select Serial option and set speed to 9600. 

• Click Open 



• Once emulation software is ready, Power-ON the switch. 

Accessing switch via console from Linux Computer 

• From the terminal enter the below command 

# minicom 

• Once emulation software is ready, Power-OIM the Switch. 
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Getting familiar with Cisco Switch IQS Modes and show commands 


After the switch boots-up completely, (on a new Cisco Switch) it enters user mode as below: 


Switch> 


To navigate into Privilege m ode/Executive Mode from User Mode 

Switch >enable 
Switch # 

To view switch IOS and hardware information 
Switch # show version 

Cisco Internetwork Operating System Software 

IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA6, RELEASE SOFTWARE (fcl) 
Copyright (c) 1986-2005 by cisco Systems, Inc. 

Compiled Fri 21-Oct-05 01:59 by yenanh 

Image text-base: 0x80010000, data-base: 0x80568000 

ROM: Bootstrap program is C2950 boot loader 

Switch uptime is 4 minutes 

System returned to ROM by power-on 

System image file is "flash:/c2950-i6q4l2-mz. 121-22. EA6.bin" 

cisco WS-C2950-24 (RC32300) processor (revision GO) with 21013K bytes of memory. 

Processor board ID FOC0638Z0TB 

Last reset from system-reset 

Running Standard Image 

24 FastEthernet/IEEE 802.3 interface(s) 

32K bytes of flash-simulated non-volatile configuration memory. 

Base ethernet MAC Address: 00:0A:F4:C5:94:C0 
Motherboard assembly number: 73-5781-11 
Power supply part number: 34-0965-01 
Motherboard serial number: FOC06380AZK 
Power supply serial number: DAB06347236 
Model revision number: GO 
Motherboard revision number: A0 
Model number: WS-C2950-24 
System serial number; FOC0638Z0TB 
Configuration register is QxF 


Switch # 
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To view switch flash Information 
Switch # show flash 

Directory of flash:/ 

1 -rwx 3110758 Mar 01 1993 08:30:59 +00:00 c2950-i6q4l2-mz.l21-22.EA6.bin 

2 -rwx 564 Mar 01 1993 00:00:28 +00:00 vlan.dat 

7741440 bytes total (4628480 bytes free) 

Switch # 

To view switch current configuration (RAM) 

Switch # show running-config 

Building configuration... 

Current configuration : 1071 bytes 
! 

version 12.1 
no service pad 

service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
! 

hostname Switch 


spanning-tree mode pvst 

no spanning-tree optimize bpdu transmission 

spanning-tree extend system-id 

i 

a 

interface FastEthernetO/l 

i 

i 

interface FastEthernet0/2 

i 

i’ 

coutput omitted> 

i 

■ 

interface FastEthernet0/23 

i 

a 

interface FastEthernet0/24 
l 

a 

interface Vlanl 
no ip address 
no ip route-cache 
shutdown 


ip http server 


line con 0 
line vty 5 15 


end 

Switch # 
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To view switch startup configuration (NVRAM) 
Switch # show startup-config 
startup-config is not present 


To view detailed interface information (i.e. Vlan, interface status, etc.) 
Switch # show interface status 


Port Name 

Status 

Vlan 

Duplex Speed Type 

FaO/1 

connected 

1 

a-full 

a-100 10/100BaseTX 

FaO/2 

connected 

1 

a-full 

a-100 10/100BaseTX 

FaO/3 

connected 

1 

a-full 

a-100 10/100BaseTX 

FaO/4 

connected 

1 

a-full 

a-100 10/ 100BaseTX 

FaO/5 

connected 

1 

a-full 

a-100 l0/l00BaseTX 

FaO/6 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/7 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/8 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/9 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/1 0 

connected 

1 

a-half 

a-10 10/100BaseTX 

FaO/1 1 

connected 

1 

a-half 

a-10 10/lOOBaseTX 

FaO/12 

connected 

1 

a-half 

a-10 10/100BaseTX 

FaO/1 3 

connected 

1 

a-half 

a-10 10/100BaseTX 

FaO/14 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/1 5 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/1 6 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/17 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/1 8 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/1 9 

notconnect 

1 

auto 

auto 10/lD0BaseTX 

FaO/2 0 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/2 1 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/2 2 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/2 3 

notconnect 

1 

auto 

auto 10/100BaseTX 

FaO/24 

Switch # 

notconnect 

1 

auto 

auto 10/100BaseTX 


To view Mac Address Table 
Switch # show mac-address-table 

Mac Address Table 


Vlan 

Mac Address 

Type 

Ports 

All 

000a.f4c5.94c0 

STATIC 

CPU 

All 

0100.0ccc.cccc 

STATIC 

CPU 

All 

0100.0ccc.cccd 

STATIC 

CPU 

All 

0100.0cdd.dddd 

STATIC 

CPU 

1 

0002.4b60.dl00 

DYNAMIC 

FaO/13 

1 

0002.fd73.7f20 

DYNAMIC 

FaO/ll 
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1 0010.7bb3.6f20 DYNAMIC FaO/12 

1 001c.c012.4f54 DYNAMIC Fa0/4 

1 0030.9476.fl60 DYNAMIC Fa0/10 

Total Mac Addresses for this criterion: 5 
Switch # 

Configure Hostname and VLAN 1 Interface IP address 


To change the Host Name of Switch 

Switch # configure terminal 

Switch (config) # hostname SW1 
SW1 {config) # 

To configure IP address on Interface VLAN 1 
SW1 (config) # interface vlan 1 

SW1 {config-if) # ip address 192.168.20.50 255.255.255.0 

SW1 (config-if) # no shutdown 
SW1 (config-if) ffexit 

Configure Connectivity Passwords 

To configure telnet password 

SW1 (config) # line vty 0 15 
SW1 (config-line) # password zoom 
SW1 (config-line) #login 
SW1 (config-line) #exit 

To configure console password 

SW1 (config) # line console 0 
SW1 (config-line) # password zoom 
SW1 (config-line) #login 
SW1 (config-line) # exit 

Configure Privilege Mode / Enable Password 


Configure privilege password 

SW1 (config) #enable password ccna 
SW1 (config) #enable secret zoom 
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Configure Default Gateway and Description on Interface 

SWl (config) # ip default-gateway 192.168.20.1 

SW1 (config) # interface fastethernet 0/24 

SWl (config-if} # description Link to SW2 
SWl (config-if) # end 

Save configuration on the switch 

To save configuration on switch 

SWl # copy running-config startup-config 

Destination filename [startup-config]? 

Building configuration... 

[OK] 

SWl # 

To view switch startup configuration (NVRAM) 

SWl #f show startup-config 

Building configuration.., 

Current configuration : 1230 bytes 


version 12.1 
no service pad 

service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 


hostname SWl 


enable secret 5 $l$HYD-lwe$Mk0jdo9UpDLlT7kqcKHhkl 
enable password ccna 


ip subnet-zero 


spanning-tree mode pvst 
no spanning-tree optimize bpdu transmission 
spanning-tree extend system-id 
! 

interface FastEthernetO/1 
! 

interface FastEthernetO/2 
! 
i 

I- 

coutput omitted> 
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I 

B- 

interface FastEthernetO/23 
! 

interface FastEthernetO/24 
description Link to SW2 

! 

interface Vlanl 

ip address 192.168.20.50 255.255.255.0 
no ip route-cache 

i 

Bi 

ip default-gateway 192.168.20.1 
ip http server 

i 

a 

line con 0 
password zoom 
login 

line vty 0 4 
password zoom 
login 

line vty 5 15 
password zoom 
login 

! 

i 

■ 

end 


Access the Switch via Telnet 

• Access switch via telnet by giving the following command on a Windows or Linux computer. 

telnet 192.168.20.50 
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LAB 20: VLAN AND TRUNKING 


OBJECTIVE: 

To configure VLANs and trunking in a switched network. 


TOPOLOGY: 

Setup Switch and Computer connectivity for the lab as below: 


Sales 

VLAN 

10 






PC3 


24 








24 


pen 


— — 

Mktg 

p, 

Sales 

VLAN 


VLAN 

20 


10 


PC12 


PC13 





Mktg 

VLAN 

20 



PC15 





TASK: 

• Verify communication between the computers connected to same as well as a different switch. 

• Verify Default VLAN information 

• Configure and Implement VLANs 

• Verify communication between the computers connected to same switch. 

• Configure Trunking 

• Verify communication between the computers connected to different switches. 
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Verify communication between the computers connected to same and different switches 


From 192.168.20.1 computer fi.e. PCI) ping computers on the same switch 

ping 192.168.20.2 

PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data. 

64 bytes from 192.168.20.2: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.20.2: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.20.2: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.20.2: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.20.3 


PING 192.168.20.3 (192.168.20.3) 56(84) bytes of data. 

64 bytes from 192.168.20,3: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.20.3: icmp_seq=2 ttl~62 time=24.0 ms 
64 bytes from 192.168.20.3: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.20,3: icmp_seq=4 ttl=62 time=24.0 ms 

ping 192.168.20.5 

PING 192.168.20.5 (192.168.20.5) 56(84) bytes of data. 

64 bytes from 192.168.20.5: icmp_seq=l tt!=62 time=24.0 ms 
64 bytes from 192.168.20.5: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.20.5: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.20.5: icmp_seq=4 ttl=62 time=24.0 ms 

From 192.168.20.1 computer (i.e. PCD ping computers on the other switch 


ping 192.168.20.12 

PING 192.168.20.12 (192.168.20.12) 56(84) bytes of data. 

64 bytes from 192.168.20.12: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.20.12: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.20.12: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.20.12: icmp_seq=4 ttl=62 time=24.0 ms 

ping 192.168.20.13 

PING 192.168.20.13 (192.168,20.13) 56(84) bytes of data. 

64 bytes from 192.168.20.13: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.20.13: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.20.13: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.20.13: icmp_seq=4 ttl=62 time=24.0 ms 
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ping 192.168.20.15 

PING 192.168.20.15 (192.168.20.15) 56(84) bytes of data. 

64 bytes from 192.168.20.15: icmp_seq=l ttl=62 time=24,0 ms 
64 bytes from 192.168,20.15: icmp_seq=2 ttl=62 time=24,0 ms 
64 bytes from 192.168.20.15: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.20.15: icmp_seq=4 ttl=62 time=24.Q ms 


Verify Default VLAN information 


To view existing VLAN and port assigned to VLAN 
SW1 - Verification: 


SW1 # show vlan brief 


VLAN Name 


Status Ports 


default 


active Fa0/1, Fa0/2, FaO/3, FaO/4, Fa0/5, FaO/6, Fa0/7, FaO/8, Fa0/9, 

Fa0/10, Fa0/ll, FaO/12, Fa0/13, FaO/14, FaO/15, Fa0/16, Fa0/17, 
FaO/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23,Fa0/24 


1002 fddi-default act/unsup 

1003 trcrf-default act/unsup 

1004 fddinet-default act/unsup 

1005 trbrf-default act/unsup 

SW1 # 


SW2 - Verification: 


SW2 # show vlan brief 


VLAN Name 


Status Ports 


default 


active Fa0/1, Fa0/2, FaO/3, FaO/4, Fa0/5, FaO/6, Fa0/7, FaO/8, Fa0/9, 

Fa0/10, Fa0/ll, FaO/12, Fa0/13, FaQ/14, FaO/15, Fa0/16, FaO/17, 
Fa0/18, Fa0/19, FaO/20, FaO/21, FaO/22, Fa0/23,Fa0/24 


1002 fddi-default act/unsup 

1003 trcrf-default act/unsup 

1004 fddinet-default act/unsup 

1005 trbrf-default act/unsup 

SW2 # 
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SW1 - Configuration 
SW1 ftconfigure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

SW1 (config) # vlan 10 

SW1 (config-vlan) # name SALES 

SW1 (config-vlan) tfexit 

SW1 (config) # vlan 20 

SW1 (config-vlan) tt name MKTG 

SW1 (config-vlan) ffexit 

SW1 (config) # 


SW1 (config) # interface range fastethernet 0/1 -2 

SW1 (config-if-range) tt switchport mode access 
SW1 (config-if-range) U switchport access vlan 10 
SW1 (config-if-range) # exit 
SWl(config) tt 

SW1 (config) # interface range fastethernet 0/5 -6 
SW1 (config-if-range) # switchport mode access 
SW1 (config-if-range) tt switchport access vlan 20 

SW1 (config-if-range) tt exit 


SW2 - Configuration 
SW2 tt configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

SW2 (config) # vlan 10 

SW2 (config-vlan) tt name SALES 

SW2 (config-vlan) #exlt 

SW2 (config) # vlan 20 

SW2 (config-vlan) tt name MKTG 

SW2 (config-vlan) #exit 

SW2 (config) # 


SW2 (config) # interface range fastethernet 0/1 -2 
SW2 (config-if-range) tt switchport mode access 
SW2 (config-if-range) tt switchport access vlan 10 
SW2 (config-if-range) tt exit 
SW2(config) # 

SW2 (config) # interface range fastethernet 0/5 -6 
SW2 (config-if-range) tt switchport mode access 
SW2 (config-if-range) tt switchport access vlan 20 
SW2 (config-if-range) tt exit 
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To view existing VLAN and port assigned to VLAN 
SW1 - Verification: 


SW1 # show vtan brief 


VLAN Name 


Status Ports 


1 default 


active FaO/3, FaO/4, FaO/7, FaO/8, FaO/9, Fa0/10, FaO/11, FaO/12, FaO/13, 
FaO/14, FaO/15, FaO/16, FaO/17, FaO/18, FaO/19, Fa0/20, FaO/21, 
FaO/22, FaO/23, FaO/24 


10 SALES 
20 MKTG 


active FaO/1, Fa 0/2 
active Fa0/5, Fa0/6 


1002 fddi-default act/unsup 

1003 trcrf-default act/unsup 

1004 fddinet-default act/unsup 

1005 trbrf-default act/unsup 

SW1 # 

SW1 # show interface fastethernet 0/1 switchport 

Name: Fa0/1 
Switchport: Enabled 
Administrative Mode: static access 
Operational Mode: static access 
Administrative Trunking Encapsulation: dotlq 
Operational Trunking Encapsulation: native 
Negotiation of Trunking: Off 
Access Mode VLAN: 10 (SALES) 

Trunking Native Mode VLAN: 1 (default) 

Voice VLAN: none 

Administrative private-vlan host-association: none 

Administrative private-vlan mapping: none 

Administrative private-vlan trunk native VLAN: none 

Administrative private-vlan trunk encapsulation: dotlq 

Administrative private-vlan trunk normal VLANs: none 

Administrative private-vlan trunk private VLANs: none 

Operational private-vlan: none 

Trunking VLANs Enabled: ALL 

Pruning VLANs Enabled: 2-1001 

Capture Mode Disabled 

Capture VLANs Allowed: ALL 

Protected: false 

Appliance trust: none 


SW1 # 
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SW2 # show vlan brief 


VLAN Name Status Ports 


1 default active FaO/3, FaO/4, FaO/7, FaO/8, FaO/9, Fa0/10, FaO/ll, FaO/12, FaO/13, 

FaO/14, FaO/15, FaO/16, FaO/17, FaO/18, FaO/19, Fa0/20, FaO/21, 
FaO/22, FaO/23, FaO/24 
10 SALES active Fa0/1, Fa0/2 

20 MKTG active Fa0/5, Fa0/6 

1002 fddi-default act/unsup 

1003 trcrf-default act/unsup 

1004 fddinet-default act/unsup 

1005 trbrf-default act/unsup 

SW2 # 

SW2 # show interface fastethernet O/l switchport 

Name: Fa0/5 
Switchport: Enabled 
Administrative Mode: static access 
Operational Mode: static access 
Administrative Trunking Encapsulation: dotlq 
Operational Trunking Encapsulation: native 
Negotiation of Trunking: Off 
Access Mode VLAN: 20 (MKTG) 

Trunking Native Mode VLAN: 1 (default) 

Voice VLAN: none 

Administrative private-vlan host-association: none 

Administrative private-vlan mapping: none 

Administrative private-vlan trunk native VLAN: none 

Administrative private-vlan trunk encapsulation: dotlq 

Administrative private-vlan trunk normal VLANs: none 

Administrative private-vlan trunk private VLANs: none 

Operational private-vlan: none 

Trunking VLANs Enabled: ALL 

Pruning VLANs Enabled: 2-1001 

Capture Mode Disabled 

Capture VLANs Allowed: ALL 

Protected: false 

Appliance trust: none 

SW2 # 
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Verify communication between the computers connected to same switch. 


From 192.168.20.1 computer (i.e. PCI] 

ping 192.168.20.2 

PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data. 

64 bytes from 192.168.20.2: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.20.2: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.20.2: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.20.2: icmp_seq=4 ttl=62 time=24.0 ms 

ping 192.168.20.3 

PING 192.168.203 (192.168.203) 56(84) bytes of data. 

From 192.168.20.1 icmp_seq=l Destination Host Unreachable 
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable 
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable 
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable 

ping 192.168.20.5 

PING 192.168.20.5 (192.168.20.5) 56(84) bytes of data. 

From 192.168.20.1 icmp_seq=l Destination Host Unreachable 
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable 
From 192.168.20.1 icmp_$eq=3 Destination Host Unreachable 
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable 

From 192.168.20.6 computer fi.e. PCS) 

ping 192.168.20.2 

PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data. 

From 192.168.20.6 icmp_seq=l Destination Host Unreachable 
From 192.168,20.6 icmp_seq=2 Destination Host Unreachable 
From 192.168.20.6 icmp_seq=3 Destination Host Unreachable 
From 192.168.20.6 icmp_seq=3 Destination Host Unreachable 


ping 192.168.20.5 


PING 192.168.20.5 (192.168.20.5) 56(84) bytes of data. 

64 bytes from 192.168.20.5: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.20.5: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.20.5: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.20.5: icmp_seq=4 ttl=62 time=24.0 ms 
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Configure Trunking 


SWl - Configuration 
SW1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
SWl (config)# interface fastethernet 0/24 
SWl (config-if)# switchport mode trunk 
SWl (config-if)# switchport trunk allowed vlan all 

SWl (config-if)# A Z 
SWl # 

SW2 - Configuration 
SW2 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
SW2 (config)# interface fastethernet 0/24 
SW2 (config-if)# switchport mode trunk 
SW2 (config-if)# switchport trunk allowed vlan all 

SW2 (config-if)# A Z 
SW2 # 


Verify trunk configuration 


SWl - Verification : 

SWl # show interface trunk 

Port Mode Encapsulation Status Native vlan 

FaO/24 on 802, Iq trunking 1 

Port Vlans allowed on trunk 

FaO/24 1-4094 

Port Vlans allowed and active in management domain 

FaO/24 1,10,20 

Port Vlans in spanning tree forwarding state and not pruned 

FaO/24 none 


SWl # 
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SW1 # show interface fastethernet 0/24 switchport 

Name: FaO/24 

Switchport: Enabled 

Administrative Mode: trunk 

Operational Mode: trunk 

Administrative Trunking Encapsulation: dotlq 

Operational Trunking Encapsulation: dotlq 

Negotiation of Trunking: On 

Access Mode VLAN: 1 (default) 

Trunking Native Mode VLAN: 1 (default) 

Voice VLAN: none 

Administrative private-vlan host-association: none 

Administrative private-vlan mapping: none 

Administrative private-vlan trunk native VLAN: none 

Administrative private-vlan trunk encapsulation: dotlq 

Administrative private-vlan trunk normal VLANs: none 

Administrative private-vlan trunk private VLANs: none 

Operational private-vlan: none 

Trunking VLANs Enabled: ALL 

Pruning VLANs Enabled: 2-1001 

Capture Mode Disabled 

Capture VLANs Allowed: ALL 

Protected: false 

Appliance trust: none 

SW1 # 


SW2 - Verification: 


SW2 # show interface trunk 

Port Mode Encapsulation Status Native vlan 

FaO/24 on 802. lq trunking 1 

Port Vlans allowed on trunk 

FaO/24 1-4094 

Port Vlans allowed and active in management domain 


FaO/24 1,10,20 


Port Vlans in spanning tree forwarding state and not pruned 
FaO/24 none 
SW2 # 
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SW2 # show interface fastethernet 0/24 switchport 

Name: FaO/24 

Switchport: Enabled 

Administrative Mode: trunk 

Operational Mode: trunk 

Administrative Trunking Encapsulation: dotlq 

Operational Trunking Encapsulation: dotlq 

Negotiation of Trunking: On 

Access Mode VLAN: 1 (default) 

Trunking Native Mode VLAN: 1 (default) 

Voice VLAN: none 

Administrative private-vlan host-association: none 

Administrative private-vlan mapping: none 

Administrative private-vlan trunk native VLAN: none 

Administrative private-vlan trunk encapsulation: dotlq 

Administrative private-vlan trunk normal VLANs: none 

Administrative private-vlan trunk private VLANs: none 

Operational private-vlan: none 

Trunking VLANs Enabled: ALL 

Pruning VLANs Enabled: 2-1001 

Capture Mode Disabled 

Capture VLANs Allowed: ALL 

Protected: false 

Appliance trust: none 


SW2 n 
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Verify communication between the computers connected to different switch. 


From 192.168.20.1 computer (i.e. PCI] 

ping 192.168.20.12 

PING 192.168.20.12 (192.168.20.12) 56(84) bytes of data. 

64 bytes from 192.168.20.12: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.20.12: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.20.12: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.20.12: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.20.13 


PING 192.168.20.13 (192.168.20.13)56(84) bytes of data. 
From 192.168.20.1 icmp_seq=l Destination Host Unreachable 
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable 
From 192.168,20.1 icmp_seq=3 Destination Host Unreachable 
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable 


ping 192.168.20.15 


PING 

From 

From 

From 

From 


192,168.20.15 (192.168.20,15) 56(84) 


192.168.20.1 

192.168.20.1 

192.168.20.1 

192.168.20.1 


cmp_seq=l 
cmp _seq=2 
cmp _seq=3 
cmp _seq=3 


Destination 

Destination 

Destination 

Destination 


bytes of data. 

Host Unreachable 
Host Unreachable 
Host Unreachable 
Host Unreachable 
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LAB 21: DYNAMIC TRUNKING PROTOCOL (DTP) 


OBJECTIVE: 

To configure Dynamic trunking protocol in a switched network. 


TOPOLOGY: 

Setup Switch and Computer connectivity for the lab as below: 




PCI 


Sales 

VLAN 

10 

fri 


PCI! 


Sales 

VLAN 

IQ 


Mktg 

VLAN 

20 


Mktg 

VLAN 

20 


Pre-requisite: VLAN and Trunking configuration to be done on the Switch (LAB - 20} 


TASK: 

• Configure Dynamic Trunking Protocol (DTP) 

• Verify communication between the computers connected to different switches. 
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Configure DTP Trunking 


SW1 - Configuration 
SW1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

SW1 {config)# interface fastethernet 0/24 

SW1 (config-if)# switchport mode dynamic desirable 

SW1 (config-if)# end 
SW1 # 

SW2 - Configuration 
SW2 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
SW2 (config)# interface fastethernet 0/24 
SW2 (config-if)# switchport mode dynamic auto 

SW2 (config-if)# end 
SW2 # 


Verify DTP Trunk configuration 


SWl - Verification : 

SW1 # show interface trunk 

Port Mode Encapsulation Status Native vlan 

FaO/24 desirable 802. Iq trunking 1 

Port Vlans allowed on trunk 

FaO/24 1-4094 

Port Vlans allowed and active in management domain 

FaO/24 1,10,20 

Port Vlans in spanning tree forwarding state and not pruned 

FaO/24 none 


SWl# 
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SW1 # show interface fastethernet 0/24 switchport 

Name: FaO/24 
Switchport: Enabled 

Administrative Mode: dynamic desirable 
Operational Mode: trunk 
Administrative Trunking Encapsulation: dotlq 
Operational Trunking Encapsulation: dotlq 
Negotiation of Trunking: On 
Access Mode VLAN: 1 (default) 

Trunking Native Mode VLAN: 1 (default) 

Voice VLAN: none 

Administrative private-vlan host-association: none 

Administrative private-vlan mapping: none 

Administrative private-vlan trunk native VLAN: none 

Administrative private-vlan trunk encapsulation: dotlq 

Administrative private-vlan trunk normal VLANs: none 

Administrative private-vlan trunk private VLANs: none 

Operational private-vlan: none 

Trunking VLANs Enabled: ALL 

Pruning VLANs Enabled: 2-1001 

Capture Mode Disabled 

Capture VLANs Allowed: ALL 

Protected: false 

Appliance trust: none 


swi n 


SW2 - Verification: 


SW2 # show interface trunk 



Port 

Mode Encapsulation 

Status 

Native vlan 

FaO/24 

Auto 802. lq 

trunking 

1 

Port 

Vlans allowed on trunk 



FaO/24 

1-4094 



Port 

FaO/24 

Vlans allowed and active in management domain 
1,10,20 


Port Vlans in spanning tree forwarding state and not pruned 
FaO/24 none 
SW2 # 
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SW2 # show interface fastethernet 0/24 switchport 

Name: FaO/24 

Switchport: Enabled 

Administrative Mode: dynamic auto 

Operational Mode: trunk 

Administrative Trunking Encapsulation: dotlq 

Operational Trunking Encapsulation: dotlq 

Negotiation of Trunking: On 

Access Mode VLAN: 1 (default) 

Trunking Native Mode VLAN: 1 (default) 

Voice VLAN: none 

Administrative private-vlan host-association: none 

Administrative private-vlan mapping: none 

Administrative private-vlan trunk native VLAN: none 

Administrative private-vlan trunk encapsulation: dotlq 

Administrative private-vlan trunk normal VLANs: none 

Administrative private-vlan trunk private VLANs: none 

Operational private-vlan: none 

Trunking VLANs Enabled: ALL 

Pruning VLANs Enabled: 2-1001 

Capture Mode Disabled 

Capture VLANs Allowed: ALL 

Protected: false 

Appliance trust: none 


SW2 n 
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Verify communication between the computers connected to different switch. 


From 192.168.20.1 computer (i.e. PCI] 

ping 192.168.20.12 

PING 192.168.20.12 (192.168.20.12)56(84) bytes of data. 

64 bytes from 192.168.20.12: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.20.12: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.20.12: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.20.12: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.20.13 


PING 192.168.20.13 (192.168.20.13) 56(84) bytes of data. 
From 192.168.20.1 icmp_seq=l Destination Host Unreachable 
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable 
From 192.168,20.1 icmp_seq=3 Destination Host Unreachable 
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable 


ping 192.168.20.15 


PING 192.168.20.15 (192.168.20.15)56(84) bytes of data. 


From 192.168.20.1 
From 192.168.20.1 
From 192.168.20.1 
From 192.168.20.1 


cmp_seq=l Destination Host Unreachable 
cmp _seq=2 Destination Host Unreachable 
cmp _seq=3 Destination Host Unreachable 
cmp _seq=3 Destination Host Unreachable 


CCNA Lab Manual 


Page 


169 


www.zoomgroup.com 



LAB 22: VLAN TRUNKING PROTOCOL (VTP) 


OBJECTIVE: 


To implement VTP domain name and password on switches across the network. 


TOPOLOGY: 

Setup Switch connectivity for the lab as below : 


VTP Server 


VTP Client / Transparent 




SW1 - 192.168.20.50 


Sales 

VLAN 

10 


Mktg 

VLAN 

20 


SW2- 


Mktg 

VLAN 

20 


Sales 

VLAN 

10 


Pre-requisite: VLAN and Trunking configuration to be done on the Switch (LAB - 20) 


TASK: 

• Configure VTP domain name and password 

• Verify the working of VTP 
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Configure VTP Domain Name and Password 


SWl - VTP Server Configuration 


SW1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

SWl {config) # vtp domain ZOOM 

Changing VTP domain name from null to ZOOM 

SWl (config) # vtp password CCNA 

Setting device VLAN database password to CCNA 

SWl (config) # A Z 

SWl # 


SW2 - VTP Client Configuration 


SW2 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

SW2 (config) # vtp domain ZOOM 

Changing VTP domain name from null to ZOOM 

SW2 (config) # vtp password CCNA 

Setting device VLAN database password to CCNA 

SW2 (config) # vtp mode client 

Setting device to VTP CLIENT mode. 

SW2 (config) # A Z 
SW2 if 


SWl - Verification: 


SWl if show vtp status 

VTP Version : 2 

Configuration Revision : 0 

Maximum VLANs supported locally : 64 

Number of existing VLANs : 5 

VTP Operating Mode : Server 

VTP Domain Name : ZOOM 

VTP Pruning Mode : Disabled 

VTP V2 Mode : Disabled 

VTP Traps Generation : Disabled 

MD5 digest : 0x4C 0x9A 0xF5 0x6A 0x05 OxBA 0x83 0xE3 

Configuration last modified by 192.168.20.50 at 3-1-93 02:26:12 

SWl# 

SWl # show vtp password 

VTP Password: CCNA 
SWl# 
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SW2 - Verification: 


SW2 # show vtp status 

VTP Version 

Configuration Revision 

Maximum VLANs supported locally 

Number of existing VLANs 

VTP Operating Mode 

VTP Domain Name 

VTP Pruning Mode 

VTP V2 Mode 

VTP Traps Generation 

MD5 digest 


2 

0 

64 

5 

Client 

ZOOM 

Disabled 

Disabled 

Disabled 

0x4C 0x9A 0xF5 0x6A 0x05 OxBA 0x83 OxE3 


Configuration last modified by 192.168.20.50 at 3-1-93 02:26:12 

Local updater ID is 192.168.20.50 on interface VII (lowest numbered VLAN interface found) 
SW1# 

SW2 # show vtp password 

VTP Password: CCNA 
SW2# 


Verify the working of VTP 


Create VLANs on Server Switch i.e, SW1 and verify that these VLANs are automatically available on 
Client Switch i.e. SW2. 


SW1 - Configuration 
SW1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

SWl (config) # vlan 10 

SW1 (config-vlan) # name SALES 

SWl (config-vlan) #exit 

SWl (config) # vlart 20 

SWl (config-vlan) # name MKTG 

SWl (config-vlan) #exit 

SWl (config) # 
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SW1 - Verification: 


SW1 # show vlan brief 


VLAN Name Status Ports 


1 default active FaO/3, FaO/4, FaO/7, FaO/8, FaO/9, FaO/lO, FaO/ll, FaO/12, FaO/13, 

FaO/14, FaO/15, FaO/16, FaO/17, FaO/18, FaO/19, Fa0/20, FaO/21, 
FaO/22, FaO/23, FaO/24 

10 SALES active 

20 MKTG active 

1002 fddi-default act/unsup 

1003 trcrf-default act/unsup 

1004 fddinet-default act/unsup 

1005 trbrf-default act/unsup 

SW1 # 


SW2 - Verification: 


SW2 # show vlan brief 


VLAN Name Status Ports 


1 default active Fa0/3, Fa0/4, FaO/7, FaO/8, Fa0/9, Fa0/10, FaO/ll, FaO/12, Fa0/13, 

FaO/14, FaO/15, FaO/16, FaO/17, FaO/18, FaO/19, Fa0/20, FaO/21, 
FaO/22, FaO/23, FaO/24 


10 

SALES 

active 

20 

MKTG 

active 


1002 fddi-default act/unsup 

1003 trcrf-default act/unsup 

1004 fddinet-default act/unsup 

1005 trbrf-default act/unsup 

SW2 # 


Try to create VLANs on Client Switch i.e. SW2 
SW2 - Verification: 


SW2 (config) # vlan 100 

VTP VLAN configuration not allowed when device is in CLIENT mode. 
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LAB 23: ROUTER ON A STICK (INTER-VLAN ROUTING) 


OBJECTIVE: 

To configure inter-vlan routing for communication between VLANs, by configuring sub interfaces on a 
router. 


TOPOLOGY: 

Setup connectivity for the lab as below : 


Sales 

VLAN 

10 


PCI 


*0 



ROUTER 


Fa 0/0 


Fa 0/24 



SW1 - 192.168,20.50 


1 

2 

3 

4 


5 








Mktg 

VLAIM 

20 


PC2 



mm, mm 

KB 

1 1 " Jri Vg n 




PCI 

10 

192.1 6£L1 10,1/24 

PCS 

20 

192.168.120.1^24 


Pre-requisite: VLAN configuration to be done on the switch (LAB - 20) 
TASK: 

• Verify communication between the computers in Different VLAN 

• Configure Sub Interfaces and IP Routing on Router 

• Verify communication between the computers in Different VLAN 
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Verify communication between the computers in Different VLAN 


From 192.168.110.1 computer (i.e. PCI) 

ping 192.168.110.2 

PING 192.168.110.2 (192.168.110.2) 56(84) bytes of data. 

64 bytes from 192.168.110.2: icmp_seq=l ttl=64 time=24.0 ms 
64 bytes from 192.168.110.2: icmp_seq=2 ttl=64 time=24.0 ms 
64 bytes from 192.168.110.2: icmp_seq=3 ttl=64 time=24.1 ms 
64 bytes from 192.168.110.2: icmp_seq=4 ttl=64 time=24.0 ms 


ping 192.168.120.2 

PING 192.168.120.2 (192.168.120.2) 56(84) bytes of data. 

From 192.168.120.2 icmp_seq=l Destination Host Unreachable 
From 192.168.120.2 icmp_seq=2 Destination Host Unreachable 
From 192.168.120.2 icmp_seq=3 Destination Host Unreachable 
From 192.168.120.2 icrmp_seq=3 Destination Host Unreachable 


From 192.168.120.1 computer (i.e. PCS) 

ping 192.168.110.2 

PING 192.168.110.2 (192.168,110.2)56(84) bytes of data. 

From 192.168.110.2 icmp_seq=l Destination Host Unreachable 
From 192.168.110.2 icmp_seq=2 Destination Host Unreachable 
From 192.168.110.2 icmp_seq=3 Destination Host Unreachable 
From 192.168.110.2 icmp_seq=3 Destination Host Unreachable 


ping 192.168.120.2 

PING 192.168.120.2 (192.168.120.2) 56(84) bytes of data. 

64 bytes from 192.168.120.2: icmp_seq=l tt!=64 time=24.0 ms 
64 bytes from 192.168.120.2: icmp_seq=2 ttl=64 time=24.0 ms 
64 bytes from 192.168.120.2: icmp_seq=3 tt!=64 time=24.1 ms 
64 bytes from 192.168.120.2: icmp_seq=4 ttM>4 time=24.0 ms 
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Configure Sub Interfaces and IP Routing on Router 

ROUTER - Configuration 

ROUTER (config) # interface FastEthernet 0/0 

ROUTER (config-if) # no shutdown 

ROUTER (config-if) # exit 

ROUTER (config) # interface FastEthernet 0/0.1 

ROUTER (config-subif) # encapsulation dotlq 10 

ROUTER (config-subif) # ip address 192.168.110.254 255.255.255.0 

ROUTER (config-subif) # exit 

ROUTER (config) # interface FastEthernet 0/0.2 

ROUTER (config-subif) # encapsulation dotlq 20 

ROUTER (config-subif) # ip address 192.168.120.254 255.255.255.0 

ROUTER (config-subif) # exit 

ROUTER (config) # ip routing 

ROUTER (config) # 


ROUTER -Verification 

ROUTER # show ip route 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 
ia - IS-IS inter area, * - candidate default, U - per-user static route 
o - ODR, P - periodic downloaded static route, FI - NHRP, I - LISP 
+ - replicated route, % - next hop override 

Gateway of last resort is not set 

192,168.110.0/24 is variably subnetted, 2 subnets, 2 masks 
C 192.168.110.0/24 is directly connected, FastEthernetO/O.l 
L 192.168.110.254/32 is directly connected, GigabitEthernet0/0.1 
192.168.120.0/24 is variably subnetted, 2 subnets, 2 masks 
C 192.168,120.0/24 is directly connected, FastEthernet0/0.2 
L 192.168.120.254/32 is directly connected, GigabitEthernet0/0.2 
Router# 
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Verify communication between the computers in Different VLAN 


From 192.168.110.1 computer (i.e. PCI) 

ping 192.168.110.2 

PING 192.168.110.2 (192.168.110.2) 56(84) bytes of data. 

64 bytes from 192.168.110.2: icmp_seq=l ttl=64 time=24.0 ms 
64 bytes from 192.168.110.2: icmp_seq=2 ttl=64 time=24.0 ms 
64 bytes from 192.168.110.2: icmp_seq=3 ttl=64 time=24.1 ms 
64 bytes from 192.168.110.2: icmp_seq=4 ttl=64 time=24.0 ms 


ping 192.168.120.2 

PING 192.168.120,2 (192.168.120.2) 56(84) bytes of data. 

64 bytes from 192.168.120.2: icmp_seq=l ttN63 time=24.0 ms 
64 bytes from 192.168.120.2: icmp_seq=2 ttl=63 time=24.0 ms 
64 bytes from 192.168.120.2: icmp_seq=3 ttl=63 time=24.1 ms 
64 bytes from 192.168.120.2: icmp_seq=4 ttl=63 time=24.0 ms 

From 192.168,120.1 computer (i.e, PC5) 

ping 192.168.110.2 

PING 192.168.110,2 (192.168,110.2) 56(84) bytes of data. 

64 bytes from 192.168.110.2: icmp_seq=l ttl=63 time=24.0 ms 
64 bytes from 192.168.110.2: icmp_seq=2 ttl=63 time=24.0 ms 
64 bytes from 192.168.110.2: icmp_seq=3 ttl=63 time=24,l ms 
64 bytes from 192.168.110.2: icmp_seq=4 ttl=63 time=24.0 ms 


ping 192.168.120.2 

PING 192.168.120.2 (192.168.120.2) 56(84) bytes of data. 

64 bytes from 192.168.120.2: iemp_seq=l ttl=64 time=24.0 ms 
64 bytes from 192.168.120.2: icmp_seq=2 tt!=64 time=24.0 ms 
64 bytes from 192.168.120.2: icmp_seq=3 ttl=64 time=24.1 ms 
64 bytes from 192.168.120.2: icmp_seq=4 ttl=64 time=24.0 ms 
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LAB 24: CISCO DISCOVERY PROTOCOL (CDP) 


OBJECTIVE: 

To enable CDP on routers and switches across the network for layer 2 troubleshooting. 

TOPOLOGY: 

Setup Switch connectivity for the lab as below: 






TASK: 

• Enable CDP 

• Verify CDP information 


I 1? 
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Enabling CDP 

SWl # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

SWl(config)# cdp run 

SWl# 


Verify CDP information 


SWl - Verification : 

SWl # show cdp neighbor 

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge 
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone 

Port ID 
Fas 0/24 

Cisco 2821 Gig 0/0 
Cisco 2611 Fas 0/0 
2610 Eth 0/0 


SWl # show cdp neighbor detail 


Device ID 

Local Intrfce 

Holdtme 

Capability 

Platform 

SW2 

Fas 0/24 

127 

S 1 

WS-C2950-2 

HYD-1 


Fas 0/19 

145 

RSI 

BAN 


Fas 0/13 

124 

RSI 

CHE 


Fas 0/14 

142 

R 

SWl# 


Device ID: 5W2 
Entry address(es): 

IP address: 192.168.20.51 

Platform: cisco WS-C2950-24, Capabilities: Switch IGMP 

Interface: FastEthernetO/24, Port ID (outgoing port): FastEthernetO/24 

Holdtime : 167 sec 


Version : 

Cisco Internetwork Operating System Software 

IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fcl) 
Copyright (c) 1986-2003 by cisco Systems, Inc. 

Compiled Tue 04-Mar-03 02:14 by yenanh 

advertisement version: 2 

Protocol Hello: OUI=0x00000C, Protocol ID=0xO112; payload len=27, 
value=OOOOOOOOFFFFFFFFOlO221FFOO0OOOOOOOOOOOOD28FO684OFFOOOO 
VTP Management Domain: 'zoom' 

Duplex: full 

Management address(es): 


Device ID: HYD-1 
Entry address(es): 

IP address: 192.168.202.1 

Platform: Cisco 2821, Capabilities: Router Switch IGMP 

Interface: FastEthernet0/19, Port ID (outgoing port): GigabitEthernetO/O 
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Holdtime : 126 sec 
Version : 

Cisco IOS Software, 2800 Software (C2800N M-ADVE NTE RPRISEK9-M ), Version 15.1(3}T2, RELEASE 
SOFTWARE (fcl) 

Technical Support: http://www.cisco.com/techsupport 
Copyright (c) 1986-2011 by Cisco Systems, Inc. 

Compiled Wed 10-Aug-1105:17 by prodrelteam 

advertisement version: 2 
VTP Management Domain: " 

Duplex: full 

Management address(es): 


Device ID: BAM 
Entry addresses}: 

IP address: 192.168.203.1 

Platform: Cisco 2611XM, Capabilities: Router Switch IGMP 
Interface: FastEthernetO/13, Port ID (outgoing port): FastEthernetO/O 
Holdtime : 165 sec 


Version : 


Cisco IOS Software, C2 600 Software (C2600-ADVEMTERPRISEK9-M), Version 12.4(19), RELEASE 
SOFTWARE (fcl) 

Technical Support: http://www.cisco.com/techsupport 
Copyright (c) 1986-2008 by Cisco Systems, Inc. 

Compiled Fri 29-Feb-08 19:23 by prod rel team 

advertisement version: 2 
VTP Management Domain: " 

Duplex: full 

Management address(es): 


Device ID: CHE 
Entry address(es): 

IP address: 192.168.201.1 
Platform: cisco 2610, Capabilities: Router 

Interface: FastEthernetO/14, Port ID (outgoing port): EthernetO/O 
Holdtime : 122 sec 

Version : 

Cisco Internetwork Operating System Software 

IOS (tm) C2600 Software (C2600-IS-M), Version 12.1(4), RELEASE SOFTWARE (fcl) 
Copyright (c) 1986-2000 by cisco Systems, Inc. 

Compiled Wed 30-Aug-00 14:11 by cmong 

advertisement version: 2 
Duplex: half 

Management address(es): 
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LAB 25: PORT SECURITY 


OBJECTIVE: 

To implement Port Security on switches across the network. 


TOPOLOGY: 

Setup Switch connectivity for the lab as below : 


r ^ 


SWl - 192.168.20.50 



TASK: 

• Configure Port Security 

• Verify Port Security violation 

• Configure Port Security Recovery 
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Configure Port Security 

SW1 (config)# interface fastethernet 0/2 

SW1 (config-if)# switchport mode access 

SW1 (config-if)# switchport port-security maximum 1 

SW1 (config-if)# switchport port-security mac-address 0013.20B7.1232 

SW1 (config-if)# switchport port-security violation shutdown 

SW1 (config-if)# switchport port-security 

SW1 (config-if)# *Z 

SW1# 

Verify Port Security Violation 

Connect another computer (with different mac-address) to switch port no. 2 and verify the output. 

SW1 - Verification : 

SW1 # show interface status 

Port Name Status Vlan Duplex Speed Type 

Fa0/1 connected 1 a-full a-100 10/10QBaseTX 

FaO/2 err-disabled 1 auto auto 10/100BaseTX 

Fa0/3 connected 1 a-full a-100 10/10QBaseTX 


<output omitted> 


FaO/24 

SW1# 


connected 1 a-full a-100 10/lOOBaseTX 


SW1 # show port-security 

Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action 


(Count) (Count) (Count) 


FaO/2 


1 


1 


1 


Shutdown 


Total Addresses in System (excluding one mac per port) : 0 
Max Addresses limit in System (excluding one mac per port) : 1024 
SW1# 
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Configure Port Security Recovery 



ZOOM 
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SW1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
SW1 (config)# errdisable recovery cause psecure-violation 
SW1 (config)# errdisable recovery interval 30 

SW1 (config)# exit 


SW1 # show errdisable recovery 


ErrDisable Reason Timer Status 


udld 

bpduguard 

security-violatio 

channel-misconfig 

vmps 

pagp-flap 

dtp-flap 

link-flap 

psecure-violation 

gbic-invalid 

dhcp-rate-limit 

unicast-flood 

loopback 


Disabled 

Disabled 

Disabled 

Disabled 

Disabled 

Disabled 

Disabled 

Disabled 

Enabled 

Disabled 

Disabled 

Disabled 

Disabled 


Timer interval: 30 seconds 


Interfaces that will be enabled at the next timeout: 
Interface Errdisable reason Time left(sec) 


Fa0/2 psecure-violation 15 


SW1 # 


Repeat the above steps by reconfiguring violation command (restrict and protect) and verify the 
output. 

SWl {config-if}# switchport port-security violation restrict 

OR 

SWl (config-if)# switchport port-security violation protect 
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LAB 26: SPANNING TREE PROTOCOL (STP) 


OBJECTIVE: 

To understand the default behaviour of STP and how a root bridge election takes place. 


TOPOLOGY: 

Setup Switch connectivity for the lab as below : 




TASK: 

• Verify STP behaviour 

• Change Priority to force a particular switch to become the Root Bridge 

• Verify STP 
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Verify STP default behaviour 


SWl - Verification: 

SW1 # show $panning-tree 
VLAN0001 

Spanning tree enabled protocol ieee 
Root ID Priority 32769 

Address 000c. 8577. 2040 

Cost 19 

Port 23 (FastEthernet0/23) 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) 

Address 000d.28f0.6840 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 15 


Interface 

Role 

Sts 

Cost 

Prio.Nbr 

Type 

Fa0/7 

Desg 

FWD 

19 

128.7 

P2p 

FaO/ll 

Desg 

LIS 

19 

128.11 

P2p 

FaO/13 

Desg 

FWD 

19 

128.13 

P2p 

Fa0/19 

Desg 

FWD 

19 

128.19 

P2p 

Fa0/23 

Root 

FWD 

19 

128.23 

P2p 

FaO/24 

Altn 

BLK 

19 

128.24 

P2p 


SWl # 


SW2 - Verification: 


SW2 # show spanning-tree 

VLAN0001 

Spanning tree enabled protocol ieee 
Root ID Priority 32769 

Address 000c.8577.2040 

This bridge is the root 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) 

Address 0Q0c.8577.2040 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 15 


Interface 

Role 

Sts 

Cost 

Prio.Nbr 

Type 

FaO/7 

Desg 

FWD 

19 

128.7 

P2p 

FaO/13 

Desg 

FWD 

19 

128.13 

P2p 

FaO/19 

Desg 

FWD 

19 

128.19 

P2p 

Fa0/23 

Desg 

FWD 

19 

128.23 

P2p 

FaO/24 

Desg 

FWD 

19 

128.24 

P2p 


SW2 # 
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Configuring particular switch to become the Root Bridge 

We can configure a switch to become the Root Bridge by giving root primary command which sets 
best bridge priority to become the root bridge. The switch with the lowest priority becomes the Root 
Bridge with all ports in forwarding state. 


SW1 - Configuration 

SW1 {config) # spanning-tree vlan 1 root primary 

SW1 (config) # end 

swi n 


SW2 - Configuration 

SW2 (config) # spanning-tree vlan 1 root secondary 

SW2 (config) # end 
SW2 n 


Verify STP 


SWI - Verification: 


SWI # show spanning-tree 

VLAN0001 

Spanning tree enabled protocol ieee 
Root ID Priority 4097 

Address OOOd. 2 8f 0.6840 

This bridge is the root 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge ID Priority 4096 (priority 4096 sys-id-ext 1) 

Address 000d.28f0.6840 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 15 


Interface 

Role 

Sts 

Cost 

Prio.Nbr 

Type 

FaO/7 

Desg 

FWD 

19 

128.7 

P2p 

FaO/11 

Desg 

us 

19 

128.11 

P2p 

FaO/13 

Desg 

FWD 

19 

128.13 

P2p 

FaO/19 

Desg 

FWD 

19 

128.19 

P2p 

FaO/23 

Desg 

FWD 

19 

128.23 

P2p 

FaO/24 

Desg 

FWD 

19 

128.24 

P2p 


SWI # 
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SW2 - Verification: 

SW2 # show spanning-tree 

VLAN 0001 

Spanning tree enabled protocol ieee 
Root ID Priority 4097 

Address 000d.28f0.6840 

Cost 19 

Port 23 (FastEthernetO/23) 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 


Bridge ID Priority 28673 (priority 28672 sys-id-ext 1) 

Address OOOc.8577,2040 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 15 


Interface 

Role 

Sts 

Cost 

Prio.Nbr 

Type 

FaO/7 

Desg 

FWD 

19 

128.7 

P2p 

FaO/13 

Desg 

FWD 

19 

128.13 

P2p 

FaO/19 

Desg 

FWD 

19 

128.19 

P2p 

FaO/23 

Root 

FWD 

19 

128.23 

P2p 

FaO/24 

Altn 

BLK 

19 

128.24 

P2p 


SW2 # 
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LAB 27 : PORTFAST AND BPDU GUARD 


OBJECTIVE: 

To understand the states of port in STP and difference after configuring Portfast and BPDU Guard. 


TOPOLOGY: 

Setup Switch connectivity for the lab as below : 


L 


/ 


24 


24 

“7 


A 


SWl - 192.168.20.50 


23 


23 




SW2 - 192.168.20.51 



7e 



TASK: 

• Verify states of port in STP 

• Configuring Postfast and BPDU guard for an Interface 

• Verify states of port in STP 

• Configuring Postfast and BPDU guard for a Switch 

• Verify Portfast and BPDU Guard configuration for a switch 

Note : PortFast is recommended only for those ports which are directly connected to PCs 
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Verify Port State in STP after enabling Portfast 


SW1 - Configuration 


SW1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

SW1 (config) # interface fastethernet 0/11 

SW1 (config-if) # shutdown 

SW1 (config-if) # no shutdown 

SW1 (config-if) # end 

SW1 # 


SW1 - Verification: 

Now quickly give show spanning-tree mutiple times to view pstates. 


SW1 # show spanning-tree 


VLAN0001 


Spanning tree enabled protocol 

ieee 

Root ID Priority 

32769 

Address 

000c.8577.2040 

Cost 

19 

Port 

23 (FastEthernetO/23) 

Hello Time 

2 sec Max Age 20 se 


Forward Delay 15 sec 


Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) 

Address 000d.28f 0.6840 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 15 


Interface 

Role 

Sts 

Cost 

Prio.Nbr 

Type 

FaO/7 

Desg 

FWD 

19 

128.7 

P2p 

Fa0/ll 

Desg 

BLK 

19 

128.11 

P2p 

Fa0/13 

Desg 

FWD 

19 

128.13 

P2p 

Fa0/19 

Desg 

FWD 

19 

128.19 

P2p 

Fa0/23 

Root 

FWD 

19 

128.23 

P2p 

Fa0/24 

Altn 

BLK 

19 

128.24 

P2p 


SW1 # 


SW1 # show spanning-tree 

VLAN0001 


Spanning tree enabled protocol ieee 


Root ID 


Priority 

Address 

Cost 

Port 

Hello Time 


32769 

000c.8577.2040 

19 

23 (FastEthernetO/23) 

2 sec Max Age 20 sec 


Forward Delay 15 sec 
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Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) 

Address 000d.28f 0.6840 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 15 


Interface 

Role 

Sts 

Cost 

Prio.Nbr 

Type 

FaO/7 

Desg 

FWD 

19 

128.7 

P2p 

Fa0/ll 

Desg 

LIS 

19 

128,11 

P2p 

Fa0/13 

Desg 

FWD 

19 

128,13 

P2p 

Fa0/19 

Desg 

FWD 

19 

128.19 

P2p 

Fa0/23 

Root 

FWD 

19 

128.23 

P2p 

FaO/24 

Altn 

BLK 

19 

128.24 

P2p 


SW1# 


SW1 # show spanning-tree 

VLAN0001 


Spanning tree enabled protocol ieee 


Root ID 


Priority 

Address 

Cost 

Port 

Hello Time 


32769 

000c.8577.2040 

19 

23 (FastEthernetO/23) 

2 sec Max Age 20 sec 


Forward Delay 15 sec 


Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) 

Address 000d.28f0.6840 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 15 


Interface 

Role 

Sts 

Cost 

Prio.Nbr 

Type 

Fa0/7 

Desg 

FWD 

19 

128.7 

P2p 

Fa0/ll 

Desg 

LRN 

19 

128.11 

P2p 

Fa0/13 

Desg 

FWD 

19 

128.13 

P2p 

Fa0/19 

Desg 

FWD 

19 

128.19 

P2p 

Fa0/23 

Root 

FWD 

19 

128.23 

P2p 

FaO/24 

Altn 

BLK 

19 

128.24 

P2p 


SW1 # 


SW1 # show spanning-tree 
VLAN 0001 


Spanning tree enabled protocol ieee 


Root ID 


Priority 

Address 

Cost 

Port 

Hello Time 


32769 

OQOc.8577,2040 

19 

23 (FastEthernet0/23) 

2 sec Max Age 20 sec 


Forward Delay 15 sec 
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Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) 

Address 000d.28f 0.6840 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 15 


Interface 

Role 

Sts 

Cost 

Prio.Nbr 

Type 

FaO/7 

Desg 

FWD 

19 

128.7 

P2p 

FaO/11 

Desg 

FWD 

19 

128,11 

P2p 

FaO/13 

Desg 

FWD 

19 

128,13 

P2p 

FaO/19 

Desg 

FWD 

19 

128.19 

P2p 

FaO/23 

Root 

FWD 

19 

128.23 

P2p 

FaO/24 

Altn 

BLK 

19 

128.24 

P2p 


SW1# 


Configuring Postfast and BPDU guard for an Interface 


SW1 - Configuration 


SW1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

SW1 (config) # interface fastethernet 0/11 
SW1 {config-if) # spanning-tree portfast 

%Warning: portfast should only be enabled on ports connected to a single 
host. Connecting hubs, concentrators, switches, bridges, etc... to this 
interface when portfast is enabled, can cause temporary bridging loops. 
Use with CAUTION 

%Portfast has been configured on FastEthernetO/1 but will only 
have effect when the interface is in a non-trunking mode. 

SW1 (config-if) # spanning-tree bpduguard enable 

SW1 (config-if) # end 
SW1 # 

Verify Port State in STP after enabling Portfast 


SWl - Configuration 


SW1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
SWl (config) # interface fastethernet 0/11 

SWl (config-if) # shutdown 
SWl (config-if) # no shutdown 
SWl (config-if) # end 
SWl# 
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Now quickly give show spanning-tree mutiple times to notice that FaO/11 is placed into FWD state 
immediately. 


SW1 # show spanning-tree 
VLAN 0001 

Spanning tree enabled protocol ieee 


Root ID 


Priority 

Address 

Cost 

Port 

Hello Time 


32769 

000c.8577.2040 

19 

23 (FastEthernetO/23) 

2 sec Max Age 20 sec 


Forward Delay 15 sec 


Bridge ID Priority 
Address 000d.28f0.6840 
Hello Time 2 sec 
Aging Time 15 


32769 (priority 32768 sys-id-ext 1) 


Max Age 20 sec 


Forward Delay 15 sec 


Interface 

Role 

Sts 

Cost 

Prio.Nbr 

Type 

FaO/7 

Desg 

FWD 

19 

128.7 

P2p 

FaO/11 

Desg 

FWD 

19 

128.11 

P2p 

FaO/13 

Desg 

FWD 

19 

128.13 

P2p 

FaO/19 

Desg 

FWD 

19 

128.19 

P2p 

FaO/23 

Root 

FWD 

19 

128.23 

P2p 

FaO/24 

Altn 

BLK 

19 

128.24 

P2p 


SW1 # 


Configuring Postfast and BPDU guard for a Switch 


SW1 tf configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

SW1 (config) ft spanning-tree portfast default 

%Warning: this command enables portfast by default on all interfaces. You 
should now disable portfast explicitly on switched ports leading to hubs, 
switches and bridges as they may create temporary bridging loops, 

SW1 (config) # spanning-tree portfast bpduguard default 

SWl (config) # end 
SW1# 
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Verify Portfast and BPDU Guard configuration for switch 


SWl - Verification: 


SW 1 # show spanning-tree summary 

Switch is in pvst mode 

Root bridge for: VLAN0001, VLANOOIO, VLAN0020 
EtherChannel misconfig guard is enabled 


Extended system ID 

is enabled 




Portfast Default 

is enabled 




PortFast BPDU Guard Default 

is enabled 




Portfast BPDU Filter Default 

is disabled 




Loopguard Default 

is disabled 




UplinkFast 

is disabled 




BackboneFast 

is disabled 




Pathcost method used 

is short 




Name Blocking 

Listening 

Learning 

Forwarding 

STP Active 

VLAN0001 0 

0 

0 

8 

8 

VLAN0010 0 

0 

0 

3 

3 

VLAN0020 0 

0 

0 

3 

3 

3 vlans 0 

0 

0 

14 

14 


SWl # 
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LAB 28: ETHERCHANNEL 


OBJECTIVE: 


To configure Etherchannel for link aggregation 


TOPOLOGY: 

Setup Switch connectivity for the lab as below : 


Port Channel 1 



TASK: 

• Configure Etherchanne 

• Verify Etherchannel 
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Configure Etherchannel 


SWl - Etherchannel Configuration 

SW1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

SWl {config) # interface range fa 0/23 -24 

SWl {config-if-range) if channel-group 1 mode on 

Creating a port-channel interface Port-channel 1 

SWl (config-if-range) tt end 

SWl tt 


SW2 - Etherchannel Configuration 

SW2 tt configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

SW2 (config) # interface range fa 0/23 -24 

SW2 (config-if-range) tt channel-group 1 mode on 

Creating a port-channel interface Port-channel 1 

SW2 (config-if-range) tt end 

SW2 tt 


Verify Etherchannel 

SWl - Verification: 

SWl # show etherchannel 1 summary 

Flags: D - down P - bundled in port-channel 

I - stand-alone s- suspended 
H - Hot-standby (LACP only) 

R - LayeBAN S - LayeHYD-1 
U - in use f - failed to allocate aggregator 

M - not in use, minimum links not met 
u - unsuitable for bundling 
w - waiting to be aggregated 
d - default port 

Number of channel-groups in use: 1 
Number of aggregators: 1 

Group Port-channel Protocol Ports 

— — . — ) . — ■ — . — — — — 


l 


Pol(SU) 


FaO/23(P) FaO/24(P) 


SWl # 
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SW1 # show interface port-channel 1 
Port-channell is up, line protocol is up (connected) 

Hardware is EtherChannel, address is 000f.8fl6.3cl7 (bia 000f,8fl6,3cl7) 
MTU 1500 bytes, BW 200000 Kbit, DLY 1000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation ARPA, loopback not set 
Full-duplex, lOOMb/s, media type is unknown media type 
input flow-control is off, output flow-control is off 
Members in this channel: FaO/23 FaO/24 
ARP type: ARPA, ARP Timeout 04:00:00 
Last input 00:00:49, output 00:00:01, output hang never 
Last clearing of "show interface" counters never 
Input queue: 0/75/0/0 (size/max/drops/flushes); Total Output drops: 0 
Queueing strategy: fifo 
Output queue: 0/40 (size/max) 

5 minute input rate 0 bits/sec, 0 packets/sec 
5 minute output rate 0 bits/sec, 0 packets/sec 
247 packets input, 18093 bytes, 0 no buffer 
0 runts, 0 giants, 0 throttles 
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 
0 input packets with dribble condition detected 
222 packets output, 15835 bytes, 0 underruns 
0 output errors, 0 collisions, 1 interface resets 
0 babbles, 0 late collision, 0 deferred 
0 lost carrier, 0 no carrier, 0 PAUSE output 
0 output buffer failures, 0 output buffers swapped out 

SW1 # show etherchannel port-channel 

Channel-group listing: 


Group: 1 


Port-channels in the group: 


Port-channel: Pol 


Age of the Port-channel = 0d:00h:10m:05s 

Logical slot/port =1/0 Number of ports = 2 

GC =0x00000000 HotStandBy port = null 

Port state = Port-channel Ag-lnuse 

Protocol = - 

Ports in the Port-channel: 

Index Load Port EC state No of bits 

0 00 FaO/23 On/FEC 0 

0 00 Fa0/24 On/FEC 0 

Time since last port bundled: 0d:00h:20m:05s FaO/24 


CCNA Lab Manual 


Page 


www.zoomgroup.com 
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Port Name 

Status Vlan 

Duplex Speed Type 

FaO/1 

notconnect 1 

auto 

auto 10/100BaseTX 

FaO/2 

i 

coutput omitted> 

! 

FaO/2 1 

notconnect 1 

auto 

auto 10/100BaseTX 

notconnect 1 

auto 

auto 10/100BaseTX 

FaO/22 

notconnect 1 

auto 

auto 10/100BaseTX 

FaO/23 

connected 1 

a-full 

a-lOO 10/100BaseTX 

FaO/24 

connected 1 

a-full 

a-100 10/100BaseTX 

Pol 

connected l 

a-full 

a-100 


SW1 # show spanning-tree 


VLAN0001 

Spanning tree enabled protocol ieee 


Root ID 


Priority 

Address 

Cost 

Port 

Hello Time 


32769 

000c.8577.2040 

19 

23 (FastEthernetO/23) 

2 sec Max Age 20 sec 


Forward Delay 15 sec 


Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) 

Address 000d.28f0.6840 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 15 


Interface 

Role 

Sts 

Cost 

Prio.Nbr 

Type 

FaO/7 

Desg 

FWD 

19 

128.7 

P2p 

FaO/1 1 

Desg 

FWD 

19 

128.11 

P2p 

FaO/19 

Desg 

FWD 

19 

128.13 

P2p 

FaO/2 0 

Desg 

FWD 

19 

128.19 

P2p 

FaO/2 1 

Root 

FWD 

19 

128.23 

P2p 

FaO/22 

Altn 

BLK 

19 

128.24 

P2p 

Pol 

Desg 

FWD 

12 

128.65 

P2p 


SW1 # 
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SW2 - Verification: 


SW2 # show etherchanneU 1 summary 

Flags: D - down P - bundled in port-channel 
I - stand-alone s - suspended 
H - Hot-standby (LACP only) 

R - LayeBAN S - LayeHYD-1 
U - in use f - failed to allocate aggregator 

M - not in use, minimum links not met 
U - unsuitable for bundling 
w - waiting to be aggregated 
d - default port 

Number of channel-groups in use: 1 
Number of aggregators: 1 


Group 

4 - 

Port-channel Protocol 

4- -L 

Ports 

T 

i 

T T 

Pol(SU) 

FaO/23(P) FaO/24(P) 


SW2 # 


SW2 # show interface port-channel 1 
Port-channell is up, line protocol is up (connected) 

Hardware is EtherChannel, address is 000f.8fl6.3cl7 (bia 000f.8fl6.3cl7) 
MTU 1500 bytes, BW 200000 Kbit, DLY 1000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation ARPA, loopback not set 
Full-duplex, lOOMb/s, media type is unknown media type 
input flow-control is off, output flow-control is off 
Members in this channel: Fa0/23 Fa0/24 
ARP type: ARPA, ARP Timeout 04:00:00 
Last input 00:00:49, output 00:00:01, output hang never 
Last clearing of "show interface" counters never 
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 
Queueing strategy: fifo 
Output queue: 0/40 (size/max) 

5 minute input rate 0 bits/sec, 0 packets/sec 
5 minute output rate 0 bits/sec, 0 packets/sec 
247 packets input, 18093 bytes, 0 no buffer 
0 runts, 0 giants, 0 throttles 

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 
0 input packets with dribble condition detected 
222 packets output, 15835 bytes, 0 underruns 
0 output errors, 0 collisions, 1 interface resets 
0 babbles, 0 late collision, 0 deferred 
0 lost carrier, 0 no carrier, 0 PAUSE output 
0 output buffer failures, 0 output buffers swapped out 
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SW2 # show etherchannel port-channel 

Channel-group listing: 


Group: 1 


Port-channels in the group: 


Port-channel: Pol 


Age of the Port-channel = Od:OOh :10m :05s 

Logical slot/port =1/0 Number of ports = 2 

GC - 0x00000000 HotStandBy port = null 

Port state = Port-channel Ag-lnuse 

Protocol = - 

Ports in the Port-channel: 

Index Load Port EC state No of bits 

0 00 Fa0/23 On/FEC 0 

0 00 FaO/24 On/FEC 0 


Time since last port bundled: 0d:00h:20m:05s FaO/24 


SW2 # show interface status 



Port Name 

Status Vlan 

Duplex Speed Type 

FaO/l 

notconnect 1 

auto 

auto 10/100BaseTX 

Fa0/2 

i 

■ 

coutput omitted> 

i 

i 

Fa0/21 

notconnect 1 

auto 

auto 10/100BaseTX 

notconnect 1 

auto 

auto 10/100BaseTX 

Fa0/22 

notconnect 1 

auto 

auto 10/100BaseTX 

Fa0/23 

connected 1 

a-full 

a-100 10/100BaseTX 

FaO/24 

connected 1 

a-full 

a-100 10/100BaseTX 

Pol 

connected 1 

a-full 

a-100 
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SW2 # show spanning-tree 



ZOOM 


TECHNOLOGI E 


VLAN 0001 

Spanning tree enabled protocol ieee 


Root ID Priority 

Address 

Cost 

Port 

Hello Time 


4097 

000d.28f0.6840 

19 

23 (FastEthernetO/23) 

2 sec Max Age 20 sec 


Forward Delay 15 sec 


Bridge ID Priority 28673 (priority 28672 sys-id-ext 1) 

Address 000c.8577.2040 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 15 


Interface 

Role 

Sts 

Cost 

Prio.Nbr 

Type 

FaO/7 

Desg 

FWD 

19 

128.7 

P2p 

FaO/11 

Desg 

FWD 

19 

128.11 

P2p 

FaO/19 

Desg 

FWD 

19 

128.13 

P2p 

Fa0/20 

Desg 

FWD 

19 

128.19 

P2p 

FaO/21 

Root 

FWD 

19 

128.23 

P2p 

FaO/22 

Altn 

BLK 

19 

128.24 

P2p 

Pol 

Desg 

FWD 

12 

128.65 

P2p 


SW2 n 
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LAB 29: SWITCHED PORT ANALYZER (SPAN) 


OBJECTIVE: 

To enable SPAM on switch port for capturing data traffic. 


TOPOLOGY: 

Setup Switch connectivity for the lab as below: 



FaO/O 


19 


Wireshark 

Pre-requisite: Computer should have Wireshark software installed and running. 





TASK: 

• Enable SPAM 

• Verify SPAN 
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ZOOM 


TECHNOLOGI E 


SW1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
SWl(config)# monitor session 1 source interface fastEthernet 0/11 
SWl(config)# monitor session 1 destination interface fastEthernet 0/2 

SW1 # 


Verify SPAN 

SW1 - Verification: 


SW1 # show monitor 


Session 1 

Type 

Local Session 

Source Ports 


Both 

Fa 0/9 

Destination Ports 

Fa 0/8 

Encapsulation 

Native 

Ingress 

Disabled 


Verification on Computer with Wireshark (PC2) : 

• Start Wireshark Application on PC2 and click START button for capturing packets. 

• Now Telnet the Router from PCI. 

• Verify the packet capturing activity on Wireshark 


C 



Capturing Prom Ethernet [Wire-shark 1 . 10,2 (SVN Rev h 1934 horn /trunk - 1 10)1 

- D 1 | 


Eile 

Edit yiew Go Gaplu 

re Analyze Slatiitics 

Ttitahcnv Inols Internals 

Help 




C 

® 4 ■ to 

?! K 2? ^ * 

+ * T £ l[B]H 

1 ^ n * m w & n 



Filler 




Apply SdVC 



Nu. 

Tbnt 

Soorfi 


Protocol 

tength irtfc 


A 


3 D, 00S106M0 

172. 31. 31.56 

224. 0. 0. 252 

LLMNR 

64 Standard query 0x6bd2 A ^pad 




4 0. 10IQ54M0 

172. 31. 31,56 

172. 31. 31,255 

l)DP 

60 Source port: terrslnaldb Destination port: terminal db 




5 0.101493MO 

172. 31. 31.56 

172. 31. 31,255 

o Op 

60 source port: raid -an uestl nation port e raid -am 




6 0.1Qa212MO 

172. 31. 31,56 

224.0, 0.252 

LLMNR: 

64 Standard query 0x6 bd2 .4 wpad 




7 0.202107000 

172. 31. 31.56 

172.31. 31.255 

OOP 

60 source port: temlna'ldb Destination port: terminal db 




3 0. 202463000 

172. 31. 31.56 

172.31. 31.255 

UCP 

60 source port: raid -an Destination port: raid -am 




9 0. 3Q3062D0D 

172. 31. 31.56 

172.11. 31.255 

LI CP 

60 Source pur-E: Lurr i tialcib Des-ti nation port: 1 trm 1 rii.1 db 




10 0.303578000 

172.31. 31.56 

172.11. 31.255 

13 DP 

60 Source port: raid- an Dc-:„t i rut i or: port: raid am 




11 0 . 3 OH 7670 GO 

172 . 31 . 31,56 

172 . 31 . 31,255 

NBHS 

42 Name query NC WPa&eOO> 




12 0.332113000 

172. 31, 31.152 

37.252,253.61 

TCP 

54 bmc-perf -mgrd > 5936 [ack] seq-1 Atk-1 win-1232 Len-Q 




13 0.404169000 

172. 31, 31.56 

172,31. 31.255 

OOP 

60 source port: terrilnaldb Destination port: terminaldb 




14 0.404525000 

172. 31. 31.56 

.172.31. 31.255 

UCP 

60 source port: raid -an Destination port : raid -am 




16 0.505010000 

172.31. 31.56 

172.11. 31.255 

OOP 

60 Source port: terrsinaldb Destination port : terminalUb 


V 


ft enri'nAAA -in H -» HI CjE ~t TTi H "i-i "NCC Jinn IT- _ n — a £ -l 


+ era™ 13 60 byres on wire CiflO bits), 60 byres captured (4 SO bits) on interface 0 


Ethernet 11, Src: 

Sony 94 : 96:cb <78 :&J :: 3ce94 : 96 :tb) , 

Dst e broadcast <ff :ff :ff ;ff : ff :f f) 

internet Protocol 

version 4, src: 172,31,31.56 <172. 

31.31,56), DSC ! 172.31.31.255 <172.31.31.255) 

user datagram protocol, src port: tectiinaldb- £2006) . 

Dst port: terminal Ob <2008 ) 

□ata <12 bytes) 


MOO 

ff 

ff 

ff 

ff 

ff 

ff 

7E 

84 

3C 

91 

96 

tb 

oa 

00 

45 

DO 

a j i « a .1 ^ i ■ ii i i E a 

001 0 

00 

26 

4a 

dO 

DO 

00 

ao 

11 

sa 

71 

at 

ir 

ir 

3a 

ac 

If 

. <j x a.. 

0020 

If 

ff 

07 

da 

07 

d£ 

00 

14 

9l 

ci 

42 

43 

2D 

2d 

37 

7 a 

EC 7 ST 

M3D 

Of 

66 

6-d 

2d 

%Q 

4 J 

00 

DD 

PD 

pp 

DP 

DO 





OOm-PC 
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LAB 30: STANDARD ACCESS CONTROL LIST ON IPv4 NETWORK 

(NUMBERED) 


OBJECTIVE: 

To configure and implement access-list on HYD-1 such that 192.168.201.10 should not communicate 
with 192.168.202.0 network 


TOPOLOGY: 

Configure Ethernet and Serial IP addresses for the lab as below : 



Fa 0/0 192.168.201.0/24 

S 0/0 172.16.0.0/16 



Fa 0/0 192.168.203.0/24 

S 0/1 172.17.0.0/16 


S 0/0/0 172.17.0.0/16 


S 0/0/1 172.16.0.0/16 


Pre-requisite: WAN Interface and Routing configuration to be done on the router (LAB - 3 and 4) 


TASK: 

• Verify communication between computers / networks before configuring the access list 

• Configure and implement Standard ACL - Numbered 

• Verify blocked communication between computers / networks specified in ACL 
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Verify communication between computers / networks before configuring the access list 


From 192.168.201.10 Computer in CHE Network 

ping 192.168.202.10 

PING 192.168.202,10 (192,168.202.10) 56(84) bytes of data. 

64 bytes from 192.168.202.10: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.203.10 

PING 192.168.203,10 (192.168.203,10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 

From 192.168.202.20 computer in CHE Network 

ping 192.168.202.10 

PING 192.168.202,10 (192.168.202.10) 56(84) bytes of data. 

64 bytes from 192.168.202.10: icmp _seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.202.10: icmp seq=4 ttl=62 time=24.0 ms 


ping 192.168.203.10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 
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Configure and Implement Standard ACL - Numbered 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with GNTL/Z. 
HYD-1 (config) # access-list 10 deny 192.168.201.10 0.0.0.0 
HYD-1 (config) # access-list 10 permit any 
HYD-1 (config) # 

HYD-1 (config) # interface FastEthernet 0/0 
HYD-1 (config-if) # ip access-group 1 out 
HYD-1 (config-if) # end 
HYD-1# 


HYD-1 - Verification: 


HYD-1 # show ip access-lists 
Standard IP access list 10 
10 deny 192.168.201.10 
20 permit any 
HYD-1# 

HYD-1 # show ip interface FastEthernet 0/0 

FastEthernet0/0 is up, line protocol is up 
Internet address is 192.168.202.1/24 
Broadcast address is 255.255.255.255 
Address determined by setup command 
MTU is 1500 bytes 
Helper address is not set 
Directed broadcast forwarding is disabled 
Outgoing access list is 10 
Inbound access list is not set 
Proxy ARP is enabled 
Local Proxy ARP is disabled 
Security level is default 
Split horizon is enabled 

i 

<output omitted> 

i 

* 

WCCP Redirect outbound is disabled 
WCCP Redirect inbound is disabled 
WCCP Redirect exclude is disabled 
HYD-1# 
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Verify blocked communication between computers / networks specified in ACL 


From 192.168.201.10 computer in CHE Network 

ping 192.168.202.10 

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data. 

From 192.168.202.1 icmp_seq=l Packet filtered 

From 192.168.202.1 icmp_seq=2 Packet filtered 

From 192.168.202.1 icmp_seq=3 Packet filtered 

From 192.168.202.1 icmp_seq=4 Packet filtered 

From 192.168.202.1 icmp_seq=5 Packet filtered 


ping 192.168.203.10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 

From 192.168.201.20 computer in CHE Network 

ping 192.168.202.10 


PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data. 

64 bytes from 192.168.202.10: icmp_seq-l ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.203.10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttN62 time=24.2 ms 


CCNA Lab Manual 


Page 


206 


www.zoomgroup.com 



ZOOM 

TECHNOLOGIES 



LAB 31: STANDARD ACCESS CONTROL LIST ON IPv4 NETWORK 

(NAMED) 


OBJECTIVE: 

To configure and implement access-list on HYD-1 such that 192.168.203.10 should only communicate 
with 192.168.202.0 network. (Configure ACL with minimum statements) 


TOPOLOGY: 

Configure Ethernet and Serial IP addresses for the lab as below : 




Fa 0/0 192.168.201.0/24 

S 0/0 172.16.0.0/16 




SO/1 172.17.0.0/16 


S 0/0/0 172.17.0.0/16 


S 0/0/1 172.16.0.0/16 


Pre-requisite: WAN Interface and Routing configuration to be done on the router (LAB - 3 and 4) 


TASK: 

• Verify communication between computers / networks before configuring the access list 

• Configure and implement Standard ACL - Named 

• Verify blocked communication between computers / networks specified in ACL 
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Verify communication between computers / networks before configuring the access list 


From 192.168.201.10 Computer in CHE Network 

ping 192.168.202.10 

PING 192.168.202,10 (192.168.202.10) 56(84) bytes of data. 

64 bytes from 192.168.202.10: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=3 tt!=62 time=24.1 ms 
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.203.10 

PING 192.168.203,10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 


From 192.168.202.20 computer in CHE Network 

ping 192.168.202.10 

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data. 

64 bytes from 192.168.202.10: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.203.10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 
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From 192.168.203.10 Computer in BAN Network 

ping 192.168.202.10 


PING 192.168.202,10 (192.168.202,10) 56(84) bytes of data, 

64 bytes from 192.168.202.10: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.202,10: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.201.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.201.10: icmp_seq=29 ttl=62 time=24.2 ms 

From 192.168.203.20 computer in BAN Network 

ping 192.168.202.10 

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data. 

64 bytes from 192.168.202.10: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=3 ttk62 time=24.1 ms 
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.Q ms 


ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.201,10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.201.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.201.10: icmp_seq=29 ttl=62 time=24.2 ms 
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Configure and Implement Standard ACL - Named 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-1 (config) # ip access-list standard zoom 
HYD-1 (config-std-nacl) # permit 192.16S.203.10 0.0.0.0 
HYD-1 (config-std-nacl) # exit 
HYD-1 (config) # 

HYD-1 (config) # interface fastethernet 0/0 
HYD-1 (config-if) # ip access-group zoom out 
HYD-1 (config-if) # end 
HYD-1# 


HYD-1 - Verification : 

HYD-1 # show ip access-lists 

Standard IP access list zoom 
10 permit 192.168.203.10 

HYD-1# 

HYD-1 # show ip interface FastEthernet 0/0 

FastEthernetO/O is up, line protocol is up 
Internet address is 192,168.202.1/24 
Broadcast address is 255.255.255.255 
Address determined by setup command 
MTU is 1500 bytes 
Helper address is not set 
Directed broadcast forwarding is disabled 

Outgoing access list is zoom 
Inbound access list is not set 
Proxy ARP is enabled 
Local Proxy ARP is disabled 
Security level is default 
Split horizon is enabled 


coutput omitted> 


WCCP Redirect outbound is disabled 
WCCP Redirect inbound is disabled 
WCCP Redirect exclude is disabled 
HYD-1# 




Page 


www.zoomgroup.com 



ZOOM 

TECHNOLOGIES 



Verify blocked communication between computers / networks specified in ACL 


From 192.168.201.10 Computer in CHE Network 

ping 192.168.202.10 

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data. 

From 192.168.202.1 icmp_seq=l Packet filtered 

From 192.168.202.1 icmp_seq=2 Packet filtered 

From 192.168.202.1 icmp_seq=3 Packet filtered 

From 192.168.202.1 icmp_seq=4 Packet filtered 

From 192.168.202.1 icmp_seq=5 Packet filtered 


ping 192.168.203.10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203,10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 


From 192.168.202.20 computer in CHE Network 

ping 192.168.202.10 

PING 192.168.202.10 (192.168.202.10) 56(84} bytes of data. 

From 192.168.202.1 icmp_seq=l Packet filtered 

From 192.168.202.1 icmp_seq=2 Packet filtered 

From 192.168.202.1 icmp_seq=3 Packet filtered 

From 192.168.202.1 icmp_seq=4 Packet filtered 

From 192.168.202.1 icmp_seq=5 Packet filtered 


ping 192.168.203.10 

PING 192.168.203.10 (192.168. 
64 bytes from 192.168.203.10: 
64 bytes from 192.168.203.10: 
64 bytes from 192.168.203.10: 
64 bytes from 192.168.203.10: 
64 bytes from 192.168.203.10: 


203.10) 56(84) bytes of data. 
cmp_seq=25 ttl=62 time=24,l ms 
cmp_seq=26 ttl=62 time=24.1 ms 
cmp_seq=27 ttl=62 time=24.3 ms 
cmp_seq=28 ttl=62 time=24,2 ms 
cmp_seq=29 ttl=62 time=24.2 ms 
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From 192.168.203,10 Computer in BAN Network 

ping 192.168.202.10 


PING 192.168.202,10 (192.168.202,10) 56(84) bytes of data. 

64 bytes from 192.168.202.10: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.202.10: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.201.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.201.10: icmp_seq=29 ttl=62 time=24.2 ms 

From 192.168,203.20 computer in BAN Network 

ping 192.168.202.10 

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data. 

From 192.168.202.1 icmp_seq=l Packet filtered 
From 192.168.202.1 icmp_seq=2 Packet filtered 
From 192.168.202.1 icmp_seq=3 Packet filtered 
From 192.168.202.1 icmp_seq=4 Packet filtered 
From 192.168.202.1 icmp_seq=5 Packet filtered 


ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.201.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.201.10: icmp_seq-29 ttM62 time=24.2 ms 
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LAB 32: EXTENDED ACCESS CONTROL LIST ON IPv4 NETWORK 

(NUMBERED) 


OBJECTIVE: 

Deny HYD-1 Network (i,e. 192,168.202.0/24) from accessing HTTP server (i.e. 192,168.203.10) in BAN 
Network and also deny ping to CHE Network (i.e. 192.168.201.0/24) 


TOPOLOGY: 


Configure Ethernet and Serial IP addresses for the lab as below : 




Fa 0/0 192.168,201.0/24 

S 0/0 172.16.0.0/16 




S 0/1 172,17,0.0/16 



S 0/0/0 172.17.0.0/16 

S 0/0/1 172.16.0.0/16 


Pre-requisite: WAN Interface and Routing configuration to be done on the router (LAB - 3 and 4) 


TASK: 

• Verify services and communication between computers / networks before configuring the 
extended access list. 

• Configure and implement Extended ACL - Numbered 

• Verify blocked services and communication between computers / networks specified in ACL 
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Verify services and communication between computers / networks before configuring the 

Extended Access List 


From 192.168.202.10 Computer in HYD-1 Network 

ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10: icmp_seq=l ttl=62 time=24.2 ms 
64 bytes from 192.168.201.10: icmp_seq=2 tt!=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=5 ttl=62 time=24.1 ms 


ping 192.168.203.10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_$eq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icnrtp_seq=29 ttl=62 time=24.2 ms 

Try to access HTTP Server via browser (i.e. http://192.168.203.10) 

You should able to see Test web page, indicates http service is allowed. 


Repeat the above verification from 192.168.202.20 Computer in HYD-1 Network and verify 
the outputs 
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Configure and Implement Extended ACL - Numbered 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # access-list 101 deny tcp 192.168.202.0 0.255.255.255 192.168.203.10 0.0.0.0 eq www 
HYD-1 (config) # access-list 101 deny icmp 192.168.202.0 0.255.255.255 192.168.201.0 0.0.0.255 echo 
HYD-1 (config) # access-list 101 permit ip any any 


HYD-1 (config) # interface FastEthernet 0/0 
HYD-1 (config-if) # ip access-group 101 in 
HYD-1 (config-if) # exit 


HYD-1 - Verification : 

HYD-1 # show ip access-lists 
Extended IP access list 101 

10 deny tcp 192.168.202.0 0.255.255.255 host 192.168.203.10 eq www (5 matches) 

20 deny icmp 192.168.202.0 0.255.255.255 192.168.201.0 0.0.0.255 echo (10 matches) 
30 permit ip any any (87 matches) 

HYD-1# 

HYD-1 # show ip interface FastEthernet 0/0 

FastEthernet0/0 is up, line protocol is up 
Internet address is 192.168.202.1/24 
Broadcast address is 255.255.255.255 
Address determined by setup command 
MTU is 1500 bytes 
Helper address is not set 
Directed broadcast forwarding is disabled 
Multicast reserved groups joined: 224.0.0.5 224.0.0.6 
Outgoing access list is not set 
Inbound access list is 101 
Proxy ARP is enabled 
Local Proxy ARP is disabled 
Security level is default 

Split horizon is enabled 

l 

* 

coutput omitted> 

! 

WCCP Redirect outbound is disabled 
WCCP Redirect inbound is disabled 
WCCP Redirect exclude is disabled 
HYD-1# 
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Verify blocked services and communication between computers / networks specified in ACL 


From 192.168.202.10 Computer in HYD-1 Network 

ping 192,168.201.10 


PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

From 192.168.202.1 icmp_seq=l Packet filtered 

From 192.168.202.1 icmp_seq=2 Packet filtered 

From 192.168.202.1 icmp_seq=3 Packet filtered 

From 192.168.202.1 icmp_seq=4 Packet filtered 

From 192.168,202.1 icmp_seq=5 Packet filtered 


ping 192.168.203.10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203,10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 

Try to access HTTP Server via browser (i.e. http://192.168.203.10) 

You should not able to see Test web page, indicates http service is blocked. 


Repeat the above verification from 192.168.202.20 Computer in HYD-1 Network and verify 
the outputs 
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LAB 33: EXTENDED ACCESS CONTROL LIST ON IPv4 NETWORK 

(NAMED) 


OBJECTIVE: 

Allow PC from HYD-1 Network (i.e. 192,168.202.10/24) to access FTP server (i.e. 192.168,201.10) in 
CHE Network. (Configure ACL with minimum statements) 


TOPOLOGY: 

Configure Ethernet and Serial IP addresses for the lab as below : 




Fa 0/0 192.168,201.0/24 

S 0/0 172.16.0.0/16 




S 0/1 172,17,0.0/16 



S 0/0/0 172.17.0.0/16 

S 0/0/1 172.16.0.0/16 


Pre-requisite: WAN Interface and Routing configuration to be done on the router (LAB - 3 and 4) 


TASK: 

• Verify services and communication between computers / networks before configuring the 
extended access list. 

• Configure and implement Extended ACL - Numbered 

• Verify blocked services and communication between computers / networks specified in ACL 
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Verify services and communication between computers / networks before configuring the 

Extended Access List 


From 192.168.202.10 Computer in HYD-1 Network 

ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10: icmp_seq=l ttl=62 time=24.2 ms 
64 bytes from 192.168.201.10: icmp_seq=2 tt!=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=5 ttl=62 time=24.1 ms 


ping 192.168.203.10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icrrtp_seq=29 ttl=62 time=24.2 ms 

Try to access FTP Server via browser (i.e. ftp://192.168.203.10) 

You should able to see files on ftp server, indicates ftp service is allowed. 


Repeat the above verification from 192.168.202.20 Computer in HYD-1 Network and verify 
the outputs 
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Configure and Implement Extended ACL - Numbered 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # ip access-list extended cisco 

HYD-l(config-ext-nacl) # permit tcp 192.168.202.10 0.0.0.0 192.168.201.10 0.0.0.0 eq ftp 

HYD-l(config-ext-nacl) # exit 
HYD-1 (config) # 

HYD-1 (config) # interface FastEthernet 0/0 
HYD-1 (config-if) # ip access-group cisco in 
HYD-1 (config-if) # exit 

HYD-1 - Verification : 

HYD-1 - Verification : 

HYD-1 # show ip access-lists 
Extended IP access list cisco 

10 deny tcp host 192.168.202.10 0.255,255.255 host 192.168.203.10 eq ftp (2 matches) 
HYD-1# 

HYD-1 # show ip interface FastEthernet 0/0 

FastEthernetO/O is up, line protocol is up 
Internet address is 192.168.202.1/24 
Broadcast address is 255.255.255.255 
Address determined by setup command 
MTU is 1500 bytes 
Helper address is not set 
Directed broadcast forwarding is disabled 
Multicast reserved groups joined: 224.0.0.5 224.0.0.6 
Outgoing access list is not set 
Inbound access list is cisco 
Proxy ARP is enabled 
Local Proxy ARP is disabled 
Security level is default 
Split horizon is enabled 

j 

coutput omitted> 


WCCP Redirect outbound is disabled 
WCCP Redirect inbound is disabled 
WCCP Redirect exclude is disabled 
HYD-1# 
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Verify blocked services and communication between computers / networks specified in ACL 


From 192.168.202.10 Computer in HYD-1 Network 

ping 192,168.201.10 


PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

From 192.168.202.1 icmp_seq=l Packet filtered 

From 192.168.202.1 icmp_seq=2 Packet filtered 

From 192.168.202.1 icmp_seq=3 Packet filtered 

From 192.168.202.1 icmp_seq=4 Packet filtered 

From 192.168.202.1 icmp_seq=5 Packet filtered 


ping 192.168.203.10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

From 192.168,202.1 icmp_seq=l Packet filtered 
From 192.168.202.1 icmp_seq=2 Packet filtered 
From 192.168,202.1 icmp_seq=3 Packet filtered 
From 192.168,202.1 icmp_seq=4 Packet filtered 
From 192.168.202.1 icmp_seq=5 Packet filtered 

Try to access FTP Server via browser (i.e. ftp://192.168.203.10) 

You should able to see files on ftp server, indicates ftp service is allowed. 


Repeat the above verification from 192.168.202.20 Computer in HYD-1 Network and verify 
the outputs 
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LAB 34: ACCESS CONTROL LIST ON IPv6 NETWORK 


OBJECTIVE: 

Deny HYD-1 Network - PC (i.e. 2001:llll::10/64) from accessing HTTP server (i.e, 2001:2222:;10/64) 
in HYD-2 Network. 


TOPOLOGY: 

Configure Ethernet IP addresses for the lab as below : 


Fa 0/1 


Fa 0/1 



Fa 0/0 

2001 : 1111 ::! 


Fa 0/0 

2001:2222-1 





Fa 0/0 

2001:1111:764 


Fa 0/1 2001 :5555::/64 



Fa 0/1 2001:5555::/64 


Pre-requisite: WAN Interface and Routing configuration to be done on the router (LAB - 3 and 4) 


TASK: 

• Verify communication between computers / networks before configuring the access list 

• Configure and implement IPv6 ACL 

• Verify blocked communication between computers / networks specified in ACL 
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Verify communication between computers / networks before configuring the access list 


From 2001:1111::10 Computer in HYD-1 Network 

ping 2001:2222::10 (Windows) or ping6 2001:2222::10 (Linux) 

PING 2001:2222::10(2001:2222::10) 56 data bytes 
64 bytes from 2001:2222::10: icmp_seq=l ttl=62 time=0.494 ms 
64 bytes from 2001 :2222 : : 10: icmp_seq=2 ttl=62 tlme=0.361 ms 
64 bytes from 2001 :2222 : : 10: icmp_seq=3 ttl=62 tlme=0.335 ms 
64 bytes from 2001 ;2222 : : 10: icmp_seq=4 ttl=62 time=0.336 ms 


Try to access HTTP Server via browser (i.e. http://2001:2222::10) 

You should able to see Test web page, indicates http service is allowed. 

From 2001:1111::20 Computer in HYP-1 Network 

ping 2001:2222::10 (Windows) or pingS 2001:2222::10 (Linux) 

PING 2001:2222::10(2001:2222::10) 56 data bytes 
64 bytes from 2001:2222:: 10: icmp_seq=l ttl=62 time=0.494 ms 
64 bytes from 2001:2222::10: icmp_seq=2 ttl=62 time=0.361 ms 
64 bytes from 2001:2222::10: icmp_seq=3 ttl=62 time=0.335 ms 
64 bytes from 2001:2222::10: icmp_seq=4 ttl=62 time=0.336 ms 


Try to access HTTP Server via browser (i.e. http://2001:2222::10) 

You should able to see Test web page, indicates http service is allowed. 
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Configure and Implement Extended ACL - Named 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # ipv6 access-list cisco 

HYD-1 (config-ipv6-acl) # deny tcp 2001:1111 ::10/64 2001:2222::10/64 eq 80 
HYD-1 (config-ipv6-acl) # permit ipv6 any any 
HYD-l(config-ipv6-acl) # exit 
HYD-1 (config) # 

HYD-1 (config) # interface FastEthernet 0/0 
HYD-1 (config-if) # ipv6 traffic-filter cisco in 
HYD-1 (config-if) # exit 
HYD-1 (config)ff 

HYD-1 - Verification : 

HYD-1 # show ipv6 access-list 
IPv6 access list cisco 

deny tcp 2001:llll::/64 2001:2222 : :/64 eq www sequence 10 
permit ipv6 any any (22 matches) sequence 20 


HYD-lff 
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Verify blocked communication between computers / networks specified in ACL 


From 2001:1111::10 Computer in HYD-1 Network 

ping 2001;2222:;1Q (Windows) or pingG 2001:2222;: 10 (Linux) 

From 2Q01:1111::1 icmp_seq=l Packet filtered 
From 2001:1111::! icmp_seq=2 Packet filtered 
From 2001:1111::! icmp_seq=3 Packet filtered 
From 2001:1111::! icmp_seq=4 Packet filtered 
From 2001:1111::! icmp_seq=5 Packet filtered 

Try to access HTTP Server via browser (i.e. http://2001:2222::10) 

You should not able to see Test web page, indicates http service is blocked. 


From 2001:1111::20 Computer in HYD-1 Network 

ping 2001:2222::10 (Windows) or ping6 2001:2222::10 (Linux) 

PING 2001:2222::10(2001:2222::10) 56 data bytes 
64 bytes from 2001:2222:: 10: icmp_seq=l ttl=62 time=0.494 ms 
64 bytes from 2001:2222:: 10: icmp_seq=2 ttl=62 time=0.361 ms 
64 bytes from 2001:2222::10: icmp_seq=3 ttl=62 time=0.335 ms 
64 bytes from 2001:2222:: 10: icmp_seq=4 ttl=62 time=0.336 ms 


Try to access HTTP Server via browser (i.e. http://2QQl:2222;:lQ) 

You should able to see Test web page, indicates http service is allowed. 


CCNA Lab Manual 


Page 


224 


www.zoomgroup.com 



LAB 35: DEFAULT ROUTING 


OBJECTIVE: 

To configure default routing for accessing Internet. 


TOPOLOGY: 

Setup Ethernet and Serial connectivity for the lab as below : 







Fa 0/0 

192.168.201.0/24 


S0/0 202.1.0.16/29 


INTERNET 


TASK: 

• Configure WAN Interface 

• Configure Default Routing 

• Verify Default Routing 

• Verify communication from LAN to the Internet 
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Configure WAN Interface 

Configure WAN Interface IP address according to topology diagram (i.e. IP addresses provided by ISP) 


CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

CHE {config)# interface serial 0/0 

CHE {config-if)# ip address 202.1.0.18 255.255.255.248 

CHE (config-if)# no shutdown 

CHE (config-if)# encapsulation ppp 

CHE (config-if)# exit 

CHE (config)# 


Configure Default Routing 


CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
CHE (config) # ip route 0.0.0.0 0.0.0.0 SerialO/O 
CHE (config) # exit 
CHE (config) # 


Verify Default Routing 

Once Default routing is configured IP Network defined through the default routing command is 
added into the routing information table. represents Default route. 

CHE - Verification: 


CHE # show ip route 


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, LI - IS IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 
* - candidate default, U - per-user static route, o - ODR 
P - periodic downloaded static route 

Gateway of last resort is not set 

C 202.1,0.16/29 is directly connected, SerialO/O 
C 192.168.201.0/24 is directly connected, FastEthernetO/O 
S* 0.0.0.0/0 [1/0] via SerialO/O 
CHE# 


CCNA Lab Manual 


Page 


226 


www.zoomgroup.com 


Verify communication from LAN to the Internet. 


Verification from PCI 


ping 8.8.8.8 


PING 8. 8. 8.8 (8.8. 8.8) 56(84) bytes of data. 

64 bytes from 8. 8.8. 8: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 8. 8.8. 8: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 8. 8.8. 8: icmp_seq=3 tt 1=62 time=24.1 ms 
64 bytes from 8. 8.8. 8: icmp_seq=4 ttl=62 time=24.0 ms 
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LAB 36: STATIC NAT 


OBJECTIVE: 

To configure Static NAT for Hosting Pubic Servers on the Internet. 


TOPOLOGY: 

Setup Ethernet and Serial connectivity for the lab as below : 




INTERNET 


50/0 v 


y 


202.1.0.18 


JT3 

1113 



Fa 0/0 
192.168.201.1 





4 m 


■ ■ 




Fa 0/0 

192.168.201.0/24 


S 0/0 


202.1.0.16/29 


Pre-requisite: Default Routing configuration to be done on the router (LAB - 31) 


TASK: 

• Configure Static NAT 

• Verify Static NAT 

• Verify Static NAT Packets 

• Verify communication from Internet to Server 
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Configure Static NAT 

CHE (config) # interface serial 0/0 
CHE {config-if) # ip nat outside 
CHE {config-if) # exit 

CHE (config) # interface FastEthernet 0/0 
CHE (config-if) ft ip nat inside 
CHE (config-if) # exit 

CHE (config)# ip nat inside source static 192.168.201.10 202.1.0.19 


Verify Static NAT 

CHE - Verification 

CHE # show ip nat translation 

Pro Inside global Inside local Outside local Outside global 

202.1.0.19 192.168.201.10 


CHE # 


CHE # show ip nat statistics 

Total active translations: 1 (1 static, 0 dynamic; 0 extended) 
Outside interfaces: 

Serial0/0 
Inside interfaces: 

FastEthernet0/0 
Hits:0 Misses: 0 
Expired translations: 0 
Dynamic mappings: 


CHE# 
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Verify Static NAT Packets 

Verify Static NAT Packets by enabling debug commands 


CHE# debug ip nat 

IP NAT debugging is on 

CHE # terminal monitor 

CHE# 

00:16:38: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [2257S| 
00:16:38: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4074] 
00:16:39: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [22576] 
00:16:39: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4075] 
00:16:40: NAT*: s=192.168,201.10->202.1.0.19, d=8.8.8.8 [22577| 
00:16:40: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4076] 
00:16:41: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [22578] 
00:16:41: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4077] 
CHE# 


Verification from Outside PC (Internet PC) to LAN (Server) 


ping 202.1.0.19 


PING 202.1.0.19 (202.1.0.19) 56(84) bytes of data. 


64 bytes from 202.1.0.19 
64 bytes from 202.1.0.19 
64 bytes from 202.1.0.19 
64 bytes from 202.1.0.19 


cmp_seq=l ttl=62 time=24.0 ms 
cmp_seq=2 ttl=62 time=24.0 ms 
cmp_seq=3 ttk62 time=24.1 ms 
cmp_seq=4 ttl- 62 time=24.0 ms 
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LAB 37: PORT ADDRESS TRANSLATION (PAT) 


OBJECTIVE: 

To configure PAT for LAN computers to access the Internet using a single Public IP Address. 


TOPOLOGY: 

Setup Ethernet and Serial connectivity for the lab as below 


so/o 

202.1.0.18 




Fa 0/0 
192.168.201.1 


INTERNET 



PCI 


PC2 


PC3 








Fa 0/0 

192.168.201.0/24 


S 0/0 


202.1.0.16/29 


Pre-requisite: Default Routing configuration to be done on the router {LAB - 31) 


TASK: 

• Configure PAT 

• Verify PAT 

• Verify PAT Packets 

• Verify communication from LAN to the Internet 
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Configure PAT 

CHE (config) # interface serial 0/0 
CHE {config-if) # ip nat outside 
CHE {config-if) # exit 

CHE (config) # interface FastEthernet 0/0 
CHE (config-if) ft ip nat inside 
CHE (config-if) # exit 

CHE (config) # access-list 10 permit 192.168.201.0 0.0.0.255 

CHE (config) # ip nat inside source list 10 interface serial 0/0 overload 


Verify PAT 


CHE - Verification 

CHE # show ip nat translation 

Pro Inside global Inside local Outside local Outside global 

icmp 202.1.0.18:34071 192.168.201.10:34071 202.2.0.17:34071 202.2.0.17:34071 

tcp 202.1.0.18:49237 192.168.201.10:49237 202.2.0.17:80 202.2.0.17:80 


CHE# 


CHE # show ip nat statistics 

Total active translations: 10 (0 static, 1 dynamic; 0 extended) 
Outside interfaces: 

Serial0/0 
Inside interfaces: 

FastEthernet0/0 
Hits: 20 Misses: 0 
Expired translations: 0 
Dynamic mappings: 

— Inside Source -- 

[Id: 3] access-list 10 interface Serial0/0 


CHE# 
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Verify PAT Packets 

Verify PAT Packets by enabling debug commands 



CHE# debug ip nat 

IP NAT debugging is on 

CHE # terminal monitor 

CHE# 

00:16:38: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [2257S| 
00:16:38: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4074] 
00:16:39: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [22576] 
00:16:39: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4075] 
00:16:40: NAT*: s=192.168,201.10->202.1.0.19, d=8.8.8.8 [22577| 
00:16:40: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4076] 
00:16:41: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [22578| 
00:16:41: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4077] 
CHE# 


Verify communication from LAN to the Internet. 


Verification from PCI 


ping 8.S.8.8 

PING 8. 8. 8.8 (8.8. 8.8) 56(84) bytes of data. 

64 bytes from 8. 8.8. 8: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 8. 8.8. 8: icmp_seq=2 ttl=62 time=24.0 ms 
64 bytes from 8, 8.8. 8: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 8. 8.8. 8: icmp_seq=4 ttl=62 time=24.0 ms 
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LAB 38: Hot Standby Router Protocol (HSRP) 


OBJECTIVE: 


To set up an always available gateway by configuring HSRP 

To set up a virtual default gateway with IP 192.168.201.254 for setting up HSRP 


TOPOLOGY: 

Setup Serial and Ethernet connectivity for the lab as below: 


so/o 

202.1.0.18 



INTERNET 



so/i 

02.2.0.18 



Fa 0/0 
192.1G8. 201.100 


Virtual IP - 192.168.200.254 



J 


\ 


Switch 


Fa 0/0 

192.163.201.200 



• Configure Etherent Interface, Serial Interface and Default Routing 

• Configure HSRP 

• Verify HSRP 

• Verify communication and data path to destination network 
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Configure Etherent Interface, Serial Interface and Default Routing 

R1 - Configuration 

R1 (config) tt interface fastethernet 0/0 

R1 (config if) tt ip address 192.168.201.100 255.255.255.0 

R1 (config-if) tt exit 

R1 (config) tt interface serial 0/0 

R1 (config-if) tt ip address 202.1.0.18 255.255.255.248 

R1 (config-if) # no shutdown 

R1 (config-if) # encapsulation ppp 

R1 (config-if) tt exit 

R1 (config) tt ip route 0.0.0.0 0.0.0.0 Serial0/0 
R1 (config) tt exit 


R2 - Configuration 

R2 (config) tt interface fastethernet 0/0 

R2 (config-if) # ip address 192.168.201.100 255.255.255.0 

R2 (config-if) tt exit 

R2 (config) tt interface serial 0/0 

R2 (config-if) tt ip address 202.2.0.18 255.255.255.248 

R2 (config-if) tt no shutdown 

R2 (config-if) tt encapsulation ppp 

R2 (config-if) tt exit 

R2 (config) tt ip route 0.0.0.0 0. 0.0.0 Serial0/1 

R2 (config) tt exit 

Configure HSRP 

R1 - Configuration 


R1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

R1 (config) tt int FastEthernet 0/0 

R1 (config-if) tt standby 10 ip 192.168.201.254 

R1 (config-if) # standby 10 priority 200 

R1 (config-if) ff end 

Rl# 


R2 - Configuration 


Rl tt configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

R2 (config) tt int FastEthernet 0/0 

R2 (config-if) tt standby 10 ip 192.168.201.254 

R2 (config-if) tt standby 10 priority 150 

R2 (config-if) tt end 

R2 ff 
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Verify HSRP 

Rl- Verification 

R1 # show standby 

FastEthernetO/O - Group 10 
State is Active 

2 state changes, last state change 00:03:21 
Virtual IP address is 192.168.201.254 
Active virtual MAC address is 0000.0c07.ac0a 
Local virtual MAC address is 0000.0c07.ac0a (vl default) 

Hello time 3 sec, hold time 10 sec 
Next hello sent in 2.792 secs 
Preemption disabled 
Active router is local 

Standby router is 192.168.201.200, priority 150 (expires in 7.848 sec) 
Priority 200 (configured 200) 

IP redundancy name is ,r hsrp-Fa0/0-10" (default) 

Rl# 

R2 - Verification 

R2 # show standby 
FastEthernetO/0 - Group 10 
State is Standby 

1 state change, last state change 00:01:09 
Virtual IP address is 192.168.201,254 
Active virtual MAC address is 0000.0c07.ac0a 
Local virtual MAC address is 0000.0c07.ac0a (vl default) 

Hello time 3 sec, hold time 10 sec 
Next hello sent in 2.860 secs 
Preemption disabled 

Active router is 192.168.201.100, priority 200 (expires in 8,802 sec) 
Standby router is local 
Priority 150 (configured 150) 

IP redundancy name is ' r hsrp-Fa0/0-10" (default) 


R2 # 


Verify communication and data path to destination network 

Verification from a Computer in Network 

ping 8.8.8.8 

PING 8. 8. 8.8 (8.8. 8.8) 56(84) bytes of data. 

64 bytes from 8. 8.8. 8: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 8. 8.8. 8: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 8, 8.8. 8: icmp_seq=27 ttl=62 time=24,3 ms 
64 bytes from 8. 8.8. 8: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 8. 8.8. 8: icmp_seq=29 ttl=62 time=24.2 ms 
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From a Computer in Network trace communication path to destination network 

tracert 8. 8. 8, 8 (Windows) or traceroute 8. 8. 8. 8 (Linux) 

traceroute to 8. 3. 8. 3 (192*168*203.10), 30 hops max, 38 byte packets 

1 192.168.201.100 (192.168.202*1) 1.086 ms 1.124 ms 1.144 ms 

2 8.8, 8.8 (8, 8.8,8) 2.295ms 2.156ms 2.209ms 


Understand HSRP behaviour 

Currently data isflowingvia R1 router, if R1 router goes down data will start flowing through R2 router. 
You can verify the behaviour by shutting down R1 Router Ethernet Interface (LAN Interface) or remove 
the Ethernet cable from R1 Router and check the behaviour. 


Verify HSRP 

R1 - Verification 

R1 # show standby 
FastEthernetO/O - Group 10 
State is Standby 

2 state changes, last state change 00:03:21 
Virtual IP address is 192.168.201.250 
Active virtual MAC address is 0000.0c07.ac0a 
Local virtual MAC address is 0000.0c07.ac0a (vl default) 

Hello time 3 sec, hold time 10 sec 
Next hello sent in 2.792 secs 
Preemption disabled 

Active router is 192.168.201.200, priority 150 (expires in 8.802 sec) 
Standby router is local 
Priority 200 (configured 200) 

IP redundancy name is "hsrp-Fa0/0-10" (default) 

Rl# 

R2 - Verification 

R2 # show standby 
FastEthernetO/0 - Group 10 
State is Active 

1 state change, last state change 00:01:09 
Virtual IP address is 192.168.201.250 
Active virtual MAC address is 0000.0c07.ac0a 
Local virtual MAC address is 0000.0c07.ac0a (vl default) 

Hello time 3 sec, hold time 10 sec 
Next hello sent in 2.860 secs 
Preemption disabled 
Active router is local 

Standby router is 192.168,201.100, priority 200 (expires in 7.848 sec) 
Priority 150 (configured 150) 

IP redundancy name is ' r hsrp-Fa0/0-10" (default) 

R2 U 
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Verify communication and data path to destination network 

Verification from a Computer in Network 

ping 3.8.8.8 

PING S.8.8.8 (8.8, 8.8) 56(84) bytes of data. 

64 bytes from 8. 8.8, 8: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 8. 8.8, 8: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 8. 8.8. 8: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 8. 8.8, 8: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 8. 8.8. 8: icmp_seq=29 ttN62 time=24.2 ms 

From a Computer in Network trace communication path to destination network 

tracert 8, 8. 8.8 (Windows) or traceroute 8, 8, 8, 8 (Linux) 

traceroute to 8. 8 *8. 8 ( 8 . 8 . 8 . 8 ) , 30 hops max, 38 byte packets 

1 192.168.201.200 (192,168,201,200) 1,086 ms 1.124 ms 1,144 ms 

2 8,8, 8,8 (8, 8, 8, 8) 2,295 ms 2,156 ms 2,209 ms 
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LAB 39: IP SLA 


OBJECTIVE: 


To configure IP SLA feature to monitor ISP link failure and injecting another default route for 
backup ISP 


TOPOLOGY: 

Setup Serial and Ethernet connectivity for the lab as below: 








ISPl DNS 

l. 1.1.1 


Global DNS 

SfS.SiS 


INTERNET 



Fa 0/0 

192.168.202.1 



S 0/0/0 202.1.0.16/29 


S 0/0/1 202.2.0.16/29 



ISP2 DNS 
2.2. 2. 2 


• Configure Serial Interface and Default Routing 

• Configure IP SLA 

• Verify IP SLA 

• Verify communication and data path to destination network 


CCNA Lab Manual 


Page | 239 


www.zoomgroup.com 






ZOOM 

TECHNOLOGIES 



Configure Serial Interface and Default Routine 

HYD-l - Configuration 

HYD-1 (config) # interface serial 0/0/0 

HYD-l (config-if) # ip address 202.2.0.17 255.255.255.248 

HYD-1 (config-if) # no shutdown 

HYD-l (config-if) # encapsulation ppp 

HYD-1 (config-if) # exit 

HYD-1 (config) # interface serial 0/0/1 

HYD-1 (config-if) # ip address 202.1.0.17 255.255.255.248 

HYD-1 (config-if) # no shutdown 

HYD-1 (config-if) # encapsulation ppp 

HYD-1 (config-if) # exit 

HYD-1 (config) # ip route O.O.O.O 0.0.0.0 202.1.0.18 
HYD-1 (config) # ip route 0.0.0.0 0.0.0.0 202.2.0.18 2 
HYD-1 (config) # exit 
HYD-1# 


Configure IP SLA 

HYD-1 - Configuration 


R1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # ip sla 1 

HYD-1 (config-ip-sla) # icmp-echo 1. 1.1.1 

HYD-1 (config-ip-sla-echo} # frequency 5 

HYD-1 (config-ip-sla-echo) # exit 


HYD-1 (config) # ip sla schedule 1 start-time now life forever 
HYD-1 (config) # track 10 ip sla 1 
HYD-1 (config-track) # delay down 20 up 10 
HYD-1 (config-track) # exit 

HYD-1 (config) # ip route 0.0.0.0 0.0.0.0 202.1.0.18 track 10 

HYD-1 (config) # end 
HYD-1# 
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HYD-1 - Verification 


HYD-1 # sh ip route 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
I\1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS IS, su - IS IS summary, LI - IS IS level-1, L2 - IS IS level-2 
ia - IS-IS inter area, * - candidate default, U - per user static route 
o - ODR, P - periodic downloaded static route, H - NHRP, I - LISP 
+ - replicated route, % - next hop override 

Gateway of last resort is 202.1.0.18 to network 0. 0.0.0 


S* 0.0.0.0/0 [1/0] via 202.1.0.18 

192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks 
C 192.168.202.0/24 is directly connected, FastEthernetO/O 
L 192.168.202.1/32 is directly connected, FastEthernetO/O 

202.1.0. 16/29 is variably subnetted, 2 subnets, 2 masks 
C 202.1.0.16/29 is directly connected, SerialO/O/1 

L 202.1.0.17/32 is directly connected, SerialO/O/1 

202.2.0. 16/16 is variably subnetted, 2 subnets, 2 masks 
C 202.2.0.0/16 is directly connected, Serial0/0/0 

L 202.2.0.17/32 is directly connected, Serial0/0/0 
HYD-1# 

Verify communication and data path to destination network 

Verification from a Computer in HYD-1 Network 

ping 8.S.8.8 

PING 8.8. 8.8 (8.8. 8.8) 56(84) bytes of data. 

64 bytes from 8. 8.8. 8: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 8. 8.8. 8: icmp_seq=26 ttl=62 time=24,l ms 
64 bytes from 8. 8.8. 8: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 8. 8.8. 8: icmp_seq~28 tt!=62 time=24.2 ms 
64 bytes from 8. 8.8. 8: icmp_seq=29 ttl=62 time=24.2 ms 


From a Computer in FIYD-1 Network trace communication path to destination network 

tracert 8* 8 *8* 8 (Windows) or traceroute 8, 8, 8, 8 (Linux) 

traceroute to 8. 8*8*8 (3 *8, 8. 8), 30 hops max, 33 byte packets 

1 192*168*202*1 (192*168*202*1) 1*036 ms 1*124 ms 1*144 ms 

2 202*1*0*18 (202*1*0*18) 1*086 ms 1*124 ms 1*144 ms 

3 8*8* 8*8 ( 8 * 8 * 8 * 8 ) 2*295 ms 2*156 ms 2*209 ms 
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Currently data is flowing via ISP1, if ISP1 DNS Server goes down or is not reachable data will start 
flowing through ISP2. You can verify the behaviour by shutting dowwn ISP1 DNS Server. 


Verify IP SLA 


HYD-l - Verification 

HYD-1 # sh ip route 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 
ia - IS-IS inter area, * - candidate default, U - per-user static route 
o - ODR, P - periodic downloaded static route, H - NHRP, I - LISP 
+ - replicated route, % - next hop override 

Gateway of last resort is 202,2.0,18 to network 0,0. 0,0 


S* 0.0.0.0/0 [2/0] via 202.2.0.18 

192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks 
C 192,168,202.0/24 is directly connected, FastEthernetO/O 
L 192.168.202.1/32 is directly connected, FastEthernetO/O 

202.1.0. 16/29 is variably subnetted, 2 subnets, 2 masks 
C 202.1.0.16/29 is directly connected, Serial0/0/1 

L 202,1.0.17/32 is directly connected, SerialO/O/1 

202.2.0. 16/16 is variably subnetted, 2 subnets, 2 masks 
C 202.2.0.0/16 is directly connected, SerialO/Q/O 

L 202,2,0.17/32 is directly connected, Serial0/0/0 
HYD-1# 


Verify communication and data path to destination network 

Verification from a Computer in HYD-1 Network 

ping S.8.8.8 

PING S.8.8.8 (S.8.8.8) 56(84) bytes of data. 

64 bytes from 8.8.8. 8: icmp_seq=25 ttl=62 time=24,l ms 
64 bytes from 8.8.8. 8: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from S.8.8.8: icmp_seq=27 ttl=62 time=24,3 ms 
64 bytes from 8.8.8. 8: icmp_seq=28 ttl=62 time=24,2 ms 
64 bytes from 8.8.8. 8: icmp_seq=29 ttl=62 time=24,2 ms 


■ 
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From a Computer in HYD-1 Network trace communication path to destination network 


tracert 8. 8. 8, 8 (Windows) or traceroute 8. 8. 8. 8 (Linux) 

traceroute to 8*3*8*S (8*8.. 8*8), 30 hops max, 38 byte packets 

1 192.168.202.1 (192.168.202.1) 1*086 ms 1.124 ms 1*144 ms 

2 202.2.0.18 (202,2.0.18) 1.086 ms 1.124 ms 1.144 ms 

3 8. 8*8, 8 (8*8, 8*8) 2,295 ms 2*15 6 ms 2,209 ms 
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LAB 40: BGP ON IPv4 network 


OBJECTIVE: 


To configure BGP for communicating between different IPv4 networks in different Autonomous 
system. 


TOPOLOGY: 


Setup Ethernet and Serial connectivity for the lab as below : 


AS 100 


AS 300 





Fa 0/0 

192.163.201.0/24 

S 0/0 

172.16.0.0/16 





Fa 0/0 

192.163.203.0/24 


S 0/1 172.17.0.0/16 


S 0/0/0 172.17.0.0/16 


S 0/0/1 172.16.0.0/16 


Pre-requisite: WAN Interface configuration to be done on the router (LAB - 6) 


TASK: 

• Configure BGP Routing on IPv4 network 

• Verify BGP Routing on IPv4 network 

• Verify Communication between the IPv4 networks 

• Verify BGP Neighbour and Topology Table on IPv4 networks 

• Verify BGP Neighbour Detail 
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Configure BGP Routing on IPv4 network 


CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

CHE {config) # ip routing 
CHE {config) # router bgp 100 

CHE {config-router }# network 192.168.201.0 mask 255.255.255.0 
CHE (config-router) # network 172.16.0.0 mask 255.255.0.0 
CHE (config-router) # neighbor 172.16.0.2 remote-as 200 

CHE (config-router) # end 
CHE# 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-1 (config) # ip routing 
HYD-1 (config) # router bgp 200 

HYD-1 (config-router) # network 192.168.202.0 mask 255.255.255.0 
HYD-1 (config-router) # network 172.16.0.0 mask 255.255.0.0 
HYD-1 (config-router) # network 172.17.0.0 mask 255.255.0.0 
HYD-1 (config-router) # neighbor 172.16.0.1 remote-as 100 
HYD-1 (config-router) # neighbor 172.17.0.2 remote-as 300 
HYD-1 (config-router) # end 
HYD-1# 

BAN - Configuration 
BAN # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

BAN (config) # ip routing 
BAN (config) # router bgp 300 

BAN (config-router) # network 192.168.203.0 mask 255.255.255.0 
BAN (config-router) # network 172.17.0.0 mask 255.255.0.0 
BAN (config-router) # neighbor 172.17.0.1 remote-as 200 
BAN (config-router) # end 
BAN (config) # 
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Verify BGP Routing 

Once BGP routing is enabled, IPv4 Networks learnt via BGP are added into the routing table, "B" 

represents BGP route. 

CHE- Verification : 

CHE # show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, LI - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 
* - candidate default, U - per-user static route, o - ODR 
P - periodic downloaded static route 

Gateway of last resort is not set 


B 172.17.0.0/16 [20/0] via 172.16.0.2, 00:04:02 
C 172.16.0.0/16 is directly connected, SerialO/O 
C 192. 168.201. 0/24 is directly connected, FastEthernet0/0 
B 192.168.202,0/24 [20/0] via 172.16.0.2, 00:00:03 
B 192.168.203.0/24 [20/0] via 172.16.0.2, 00:02:46 
CHE# 

HYD-1 - Verification : 

HYD-1 # show ip route 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
El - OSPF external type 1, E2 - OSPF external type 2 
ia - IS-IS inter area, * - candidate default, U - per-user static route 
o - ODR, P - periodic downloaded static route, H - NHRP, I - LISP 
+ - replicated route, % - next hop override 

Gateway of last resort is not set 


172.16.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.16.0.0/16 is directly connected, Serial0/0/l 

L 172.16.0.2/32 is directly connected, Serial0/0/l 

172.17.0. 0/16 is variably subnetted, 2 subnets, 2 masks 
C 172.17.0.0/16 is directly connected, Serial0/0/0 

L 172.17.0,1/32 is directly connected, Serial0/0/Q 
B 192.168.201.0/24 [20/0] via 172.16.0.1, 00:04:15 

192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks 
C 192.168.202.0/24 is directly connected, FastEthernet0/0 
L 192.168.202.1/32 is directly connected, FastEthernet0/0 
B 192.168.203.0/24 [20/0] via 172.17.0.2, 00:03:00 
HYD-1# 
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BAN - Verification: 



ZOOM 


TECHNOLOOIE 


BAN # show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 
ia - IS-IS inter area, * - candidate default, U - per user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 172.17.0.0/16 is directly connected, Serial0/1 
B 172.16.0.0/16 [20/0] via 172.17.0.1, 00:03:23 
B 192.168.201.0/24 [20/0] via 172.17.0.1, 00:03:23 
B 192.168.202.0/24 [20/0] via 172.17.0.1, 00:00:11 
C 192.168.203.0/24 is directly connected, FastEthernet0/0 
BAN# 


Verify communication between the IPv4 networks 


Verification from a Computer in HYD-1 Network 

ping 192.168.201.10 

PING 192.168.201.10 (192,168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10: icmp_seq=l ttl=62 time=24.0 ms 
64 bytes from 192.168.201.10: icmp _seq=2 ttl=62 time=24.0 ms 
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.0 ms 


ping 192.168.203.10 


PING 192.168.203,10 (192.168.203,10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 

Repeat the above ping verification from a computer in CHE and BAN Network. 
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From a Computer in HYD-1 Network trace communication path to a Computer in CHE Network 

tracer t 192.168.201.10 (Windows) or traceroute 192.168,201,10 (Linux) 

traceroute to 192.168,201.10 (192,168,201.10), 30 hops max, 33 byte packets 

1 192.168.202.1 (192.168.202.1) 1,086 ms 1.124 ms 1.144 ms 

2 172,16.0,1 (172,16.0,1) 2.295 ms 2.156 ms 2.209 ms 

3 192.168.201,10 (192,168,202,10) 3.295ms 3.156ms 3,209ms 


From a Computer in HYD-1 Network trace communication path to a Computer in BAN Network 

tracert 192.168.203.10 (Windows) or traceroute 192.168.203.10 (Linux) 

traceroute to 192,168.203,10 (192.168,203.10), 30 hops max, 38 byte packets 

1 192,168,202,1 (192.168.202.1) 1,086ms 1.124ms 1,144ms 

2 172,17.0,2 (172,17.0,2) 2.295 ms 2.156 ms 2.209 ms 

3 192,168,203,10 (192,168,203,10) 3.295ms 3.156ms 3.209ms 


Repeat the above trace communication path from a computer in CHE and BAN Network. 


Verify BGP Neighbour and BGP Table on IPv4 Network 


CHE - Verification: 


CHE # show ip bgp summary 

BGP router identifier 192.168.201.1, local AS number 100 
BGP table version is 6, main routing table version 6 
5 network entries and 6 paths using 701 bytes of memory 
3 BGP path attribute entries using 180 bytes of memory 
2 BGP AS-PATH entries using 48 bytes of memory 
0 BGP route-map cache entries using 0 bytes of memory 
0 BGP fi Iter-list cache entries using 0 bytes of memory 
BGP activity 5/0 prefixes, 6/0 paths, scan interval 60 secs 

Neighbor V AS MsgRcvd MsgSent TbIVer InQ OutQ. Up/Down State/PfxRcd 

172,16.0.2 4 200 15 12 6 0 0 00:07:40 4 

CHE# 

CHE # show ip bgp 

BGP table version is 6, local router ID is 192.168.201.1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal 

Origin codes: i - IGP, e - EGP, ? - incomplete 



Network 

Next Hop 

Metric LocPrf 

Weight 

Path 


172.16.0.0 

172.16.0.2 

0 

0 

200 i 

> 


0 . 0 . 0.0 

0 

32768 

■ l » 

i 

> 

172.17.0.0 

172.16.0.2 

0 

0 

200 i 

> 

192.168.201.0 

0 . 0 . 0.0 

0 

32768 

+ 

i 

> 

192.168.202.0 

172.16.0.2 

0 

0 

200 i 

> 

192.168.203.0 

172.16.0.2 

0 

0 

200 300 i 


CHE# 
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ZOOM 


ECHNOLOGIE 


HYD-1 - Verification : 

HYD-1 # show ip bgp summary 

BGP router identifier 192.168.202.1, local AS number 200 
BGP table version Is 6, main routing table version 6 
5 network entries using 680 bytes of memory 
7 path entries using 392 bytes of memory 

3/3 BGP path/bestpath attribute entries using 384 bytes of memory 

2 BGP AS-PATH entries using 48 bytes of memory 

0 BGP route-map cache entries using 0 bytes of memory 

0 BGP filter-list cache entries using 0 bytes of memory 

BGP using 1504 total bytes of memory 

BGP activity 5/0 prefixes, 7/0 paths, scan interval 60 secs 


Neighbor 

V 

AS 

MsgRcvd MsgSent 

TbIVer InQ 

OutQ 

Up/Down State/PfxRcd 

172.16.0.1 

4 

100 

11 13 

6 0 

0 

00:06:00 2 

172.17.0.2 

4 

300 

9 12 

6 0 

0 

00:05:14 2 

HYD-1# 


HYD-1 # show ip bgp 

BGP table version is 6, local router ID is 192.168.202.1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RI-Filter 
Origin codes: i - IGP, e - EGP, ? - incomplete 



Network 

Next Hop 

Metric LocPrf 

Weight 

Path 


172,16.0,0 

172.16.0.1 

0 

0 

100 i 

> 


0,0. 0.0 

0 

32768 

i 


172.17.0,0 

172.17.0.2 

0 

0 

300 i 

> 


0, 0.0.0 

0 

32768 

i 

> 

192.168.201.0 

172.16.0.1 

0 

0 

100 i 

> 

192.168.202.0 

0.0.0.0 

0 

32768 i 


> 

192,168.203.0 

172,17.0.2 

0 

0 

300 i 


HYD-1# 


BAN - Verification: 


BAN # show ip bgp summary 

BGP router identifier 192.168.203.1, local AS number 300 
BGP table version is 7, main routing table version 7 
5 network entries and 6 paths using 701 bytes of memory 
3 BGP path attribute entries using 156 bytes of memory 
2 BGP AS-PATH entries using 48 bytes of memory 
0 BGP route-map cache entries using 0 bytes of memory 
0 BGP filter-list cache entries using 0 bytes of memory 
BGP activity 5/0 prefixes, 6/0 paths, scan interval 15 secs 

Neighbor V AS MsgRcvd MsgSent TbIVer InQ OutQ Up/Down State/PfxRcd 
172.17.0.1 4 200 12 9 7 0 0 00:05:45 4 

BAN# 
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ZOOM 

TECHNOLOGIES 



BAN # show ip bgp 

BGP table version is 7, local router ID is 192.168.203.1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal 

Origin codes: i - IGP, e - EGP, ? - incomplete 



Network 

Next Hop 

> 

172.16.0.0 

172.17.0.1 

> 

172.17.0.0 

0.0.0.Q 



172.17.0.1 

> 

192.168.201.0 

172.17.0.1 

> 

192.168.202.0 

172.17.0.1 

> 

192.168.203.0 

0.0.0.0 


BAN# 


Metric LocPrf 

Weight 

Path 

0 

0 

200 i 

0 

32768 

+ 

i 

0 

0 

200 i 

0 

0 

200 100 i 

0 

0 

200 i 

0 

32768 

+ 

1 


Verify BGP Neighbor Detail 


Example - HYP-1 

HYD-1 # show ip bgp neighbors 172,16.0.1 

show ip bgp neighbors 172.16.0.1 
BGP neighbor is 172.16.0.1, remote AS 100, external link 
BGP version 4, remote router ID 192.168.201.1 
BGP state - Established, up for 00:08:30 

Last read 00:00:30, last write 00:00:03, hold time is 180, keepalive interval is 60 seconds 
Neighbor sessions: 

1 active, is not multisession capable (disabled) 

Neighbor capabilities: 

Route refresh: advertised and received(new) 

Four-octets ASN Capability: advertised 

Address family IPv4 Unicast: advertised and received 

Multisession Capability: 

Message statistics: 

InQ depth is 0 
OutQ depth is 0 

i 

► 

<output omitted> 

i 

i 

Datagrams (max data segment is 1460 bytes): 

Rcvd: 25 (out of order: 0), with data: 12, total data bytes: 309 

Sent: 27 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 15, 
total data bytes: 438 

Packets received in fast path: 0, fast processed: 0, slow path: 0 
fast lock acquisition failures: 0, slow path: 0 

HYD-1# 
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LAB 41: GENERIC ROUTING ENCAPSULATION (GRE) 


OBJECTIVE: 

To set up a GRE VPIM to enable communication between different networks . 


TOPOLOGY: 

Setup Ethernet and Serial connectivity for the lab as below : 


INTERNET 


so/o 

202.1.0.18 




^•\\W 


Fa 0/0 
192.168*201.1 




Fa 0/0 
S 0/0 


Network ID / Mas 


192.168.201.0/24 

202.10.16/29 


SO/1 

202.2.0.18 


J2P 


Fa O/O 

192.168.203.1 


Switch 


E9 






■ ■ 


I.LTJ’J 


Fa 0/0 
S 0/0 


192.168.203.0/24 

202.2.0.16/29 


TASK: 

• Configure Serial Interface 

• Configure Default Routing 

• Configure GRE Tunnel Interface 

• Verify GRE Tunnel Configuration 

• Configure Routing 

• Verify Routing 

• Verify communication between the networks 
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Configure Serial Interface 



ZOOM 


TECHNOLOGI E 


CHE - Configuration 

CHE (config) # interface serial 0/0 

CHE {config-if) # ip address 202.1.0.18 255.255.255.248 

CHE {config-if) ft no shutdown 
CHE (config-if) # encapsulation ppp 
CHE (config-if) # exit 
CHE (config) # 


BAN - Configuration 

BAN (config) # interface serial 0/1 

BAN (config-if) # ip address 202.2.0.18 255.255.255.248 

BAN (config-if) # no shutdown 

BAN (config-if) # encapsulation ppp 

BAN (config-if) # exit 

BAN (config) # 


Configure Default Routing 

CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z, 
CHE (config) # ip route 0.0.0.0 0.0.0.0 SerialO/O 

CHE (config) # exit 
CHE# 


BAN - Configuration 
BAN # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
BAN (config) # ip route 0.0.0.0 0.0.0.0 SerialO/1 
BAN (config) # exit 
BAN# 
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TECHNOLOG IE 



Configure GRE Tunnel Interface 

CHE - Configuration 

CHE {config) # int tunnel 0 

CHE {config-if) # ip add l.l.l.l 255.255.255.0 

CHE {config-if) # tunnel mode gre ip 

CHE {config-if) # tunnel source serial 0/0 

CHE (config-if) # tunnel destination 202.2.0.18 

CHE (config-if) ft end 

CHE# 

BAN - Configuration 

BAN (config) # int tunnel 0 

BAN (config-if)# ip add 1.1.1. 2 255.255.255.0 

CHE {config-if) # tunnel mode gre ip 

BAN (config-if)# tunnel source serial 0/1 

BAN (config-if)# tunnel destination 202.1.0.18 

BAN (config-if)# end 

BAN# 

Verify GRE Tunnel Configuration 

CHE - Verification 

CHE # show ip interface brief tunnel 0 

Interface IP-Address OK? Method Status Protocol 

TunnelO l.l.l.l YES manual up up 


CHE# 


CHE # sh int tunnel 0 

TunnelO is up, line protocol is up 
Hardware is Tunnel 
Internet address is 1.1.1.1/24 
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation TUNNEL, loopback not set 
Keepalive set (10 sec) 

Tunnel source 202.1.0.18 (Serial0/0), destination 202.2.0.18 
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled 
Checksumming of packets disabled, fast tunneling enabled 


coutput omitted> 


CHE# 
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ZOOIV 


TECHNOLOSIE 



BAN - Verification 


Interface 

TunnelO 


BAN # show ip interface brief tunnel 0 

Interface IP-Address OK? Method Status 


Protocol 

up 


1,1, 1,1 YES manual up 


BAN# 


BAN # sh int tunnel 0 

TunnelO is up, line protocol is up 
Hardware is Tunnel 
Internet address is 1.1.1.2/24 
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation TUNNEL, loopback not set 
Keepalive set {10 sec) 

Tunnel source 202.2.0.18 (SerialO/1), destination 202.1.0.18 
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled 
Checksumming of packets disabled, fast tunneling enabled 


<output omitted> 


BAN# 


Configure Routine 

CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
CHE (config) # ip route 192.168.203.0 255.255.255.0 tunnel 0 

CHE (config) # 

BAN — Configuration 
BAN # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
BAN (config) # ip routing 

CHE (config) # ip route 192,168,201.0 255.255.255.0 tunnel 0 

BAN (config) # 
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TECHNOLOG IE 



Verify Routing 


CHE - Verification : 

CHE # show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, 0 - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, M2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, LI - IS IS level-1, L2 - IS IS level-2, ia - IS-IS inter area 
* - candidate default, U - per-user static route, o - ODR 
P - periodic downloaded static route 

Gateway of last resort is not set 

C 172.16.0.0/16 is directly connected, SerialO/O 

C 192.168.201.0/24 is directly connected, FastEthernetO/O 

S 192.168.203.0/24 [1/0] directly connected, TunnelO 

S* 0.0.0.0/0 [1/0] via SerialO/O 

CHE# 


BAM - Verification : 

BAN # show ip route 

Codes: C - connected, S - static, I * IGRP, R - RIP, M - mobile, B * BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
Ml - OSPF MSSA external type 1, M2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 • OSPF external type 2, E - EGP 
i - IS-IS, LI - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 
* - candidate default, U - per-user static route, o - ODR 
P - periodic downloaded static route 

Gateway of last resort is not set 

C 172.16.0.0/16 is directly connected, SerialO/1 

C 192.168.203.0/24 is directly connected, FastEthernetO/O 

S 192.168.201.0/24 [1/0] directly connected, TunnelO 

S* 0.0.0.0/0 [1/0] via SerialO/1 


BAN# 
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Verify communication between the networks 


Verification from a Computer in CHE Network by pinging a computer in the BAN network 

ping 192.168.203.10 

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data. 

64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms 

Verification from a Computer in BAN Network by pinging a computer in the CHE network 

ping 192.168.201.10 

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data. 

64 bytes from 192.168.201.10: icmp_seq=25 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=26 ttl=62 time=24.1 ms 
64 bytes from 192.168.201.10: icmp_seq=27 ttl=62 time=24.3 ms 
64 bytes from 192.168.201.10: icmp_seq=28 ttl=62 time=24.2 ms 
64 bytes from 192.168.201.10: icmp_seq=29 ttl=62 time=24.2 ms 

From a Computer in CHE Network trace communication path to a Computer in BAN Network 

tracert 192 . 168 * 203 * 10 (Windows) or traceroute 192.168. 203 . 10 (Linux) 

traceroute to 192,168,203,10 (192.168,203,10), 30 hops max, 38 byte packets 

1 192,168,201 ,1 (192,168,202,1) 1,086ms 1,124 ms 1,144ms 

2 1 . 1 , 1 . 1 ( 1 . 1 , 1 . 1 ) 2.295 ms 2.156 ms 2.209 ms 

3 192,168,203,10 (192,168,203.10) 3.295 ms 3.156 ms 3,209 ms 


From a Computer in BAN Network trace communication path to a Computer in CHE Network 

tracert 192.168.201.10 (Windows) or traceroute 192.168.201.10 (Linux) 

traceroute to 192.168,201.10 (192.168,201.10), 30 hops max, 33 byte packets 

1 192,168.203.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms 

2 1.1 *1.2 (1.1. 1.2) 2.295 ms 2.156 ms 2*209 ms 

3 192,168,201.10 (192,168,202,10) 3.295ms 3.156ms 3,209ms 
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LAB 42 : ENHANCING ROUTER SECURITY 


OBJECTIVE: 

To enhance router security by authentication and enabling ssh access on router. 

TOPOLOGY: 

Setup Ethernet connectivity for the lab as below : 



HYD-1 


F0/0 

192.168.202.1/24 






\ 


Computer IP Address 
192.168.202.10/24 


Pre-requisite: 192.168.202.10 computer should have Radius Server software installed and running. 


TASK: 

• Configure Local Authentication 

• Verify Local Authetication 

• Configure AAA Authentication (Radius Server) 

• Verify AAA Authentication 

• Configure the SSH Server on Router 

• Verify SSH access to Router 
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Configure Local Authentication 



ZOOM 


TECHNOLOOIE 


Example - HYP-1 


Configure a new user with password 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-1 (config) # username zoom password cisco 
HYD-1 (config)# 


Enabling userwise access for VTY session 

HYD-1 (config) # line vty 0 4 
HYD-1 (config-line) # login local 
HYD-1 (config-line) # end 


Verify Local Authentication 


Now open a new telnet session from your computer to the router and try to login using already 
configured user. 

i.e. telnet 192.168.202.1 
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ZOOM 


TECH NOLOG! E 


Configure AAA Authentication (Radius Server) 


Example - HYD-1 

HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-1 (config) # aaa new-model 

HYD-1 (config) # radius-server host 192.168.202.10 key cisco 
HYD-1 (config) # aaa authentication login default group radius local 


Verify AAA Authentication 


Create New User on Radius Server. Try to login using newly created user by opening a new telnet 
session from your computer to the router. 

i.e. telnet 192.168.202.1 
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Configure the SSH Server on Router 



ZOOM 


ECHNOLOGIE 


Configure a domain name 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # ip domain-name zoom.com 

Configure the vty lines. 

HYD-1 (config) # line vty 0 4 
HYD-1 (config-line) # login local 
HYD-1 (config-line) # transport input ssh 
HYD-1 (config-line) # exit 

Generate the RSA encryption key pair for the router 

HYD-1 (config) # crypto key generate rsa 
The name for the keys will be: HYD-l.zoom.com 

Choose the size of the key modulus in the range of 360 to 2048 for your 

General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. 

How many bits in the modulus [512]: 1024 
% Generating 1024 bit RSA keys, keys will be non-exportable,., 

[OK] (elapsed time was 3 seconds) 

R1 (config)# end 
Rl# 

Verify SSH access to Router 

Now open a new telnet session from your computer to the router, you will not able to access router 
via telnet. 

Verify SSH access to HYD-1 from computer by giving below command : 

ssh -I zoom 192.168.202.1 


Hiall ■ Eauvla c2> Iff # e| 


bt - ■# ssh -l loom 1G.G.G.1 

The authenticity of host '10.0.0.1 (10, 0.Q\1)' can't be established. 

RSA key fingerprint is Id :3b: 15: &4 : 86 : 56 : 7c : 2b : cd : b3 : l«c : S4 : 47 :4e: f©:72. 
Are you sure you want to continue connecting (yes/no) 7 yes 
Warning: Permanently added '10. 0.0.1* (RSA) to the list of known hosts. 
Passwo rd ; 


UNAUTHORISED ACCESS STPICTLY PROHIBITED AND PROSECUTED 
TO THE FULL EXTENT OF THE LAW 


Rl> 

Rl>Connection to 1G.G.G.1 closed by remote host. 
Connection to 1G.G.G.1 closed. 


1 



Jk .tail Kir 


ulr 


.at Ihal Kana*la 2 s- 


. hjT’tr K.ana.«rar 




31:50 
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LAB 43: DHCP SERVER AND CLIENT 


OBJECTIVE: 

To configure a Router as a DHCP Server for assigning IP addresses, DNS, gateway, etc. to client 
computers. 

To configure an interface of Router as a DHCP Client for getting IP addresses from ISP. 


TOPOLOGY: 


Setup the router for the lab as below: 






Fa 0/0 

192.168.201.0/24 


INTERNET 


TASK: 

• Configure Router as DHCP Server 

• Verify DHCP on client computer 

• Verify DHCP Server 

• Configure an interface of a Router as DHCP Client 

• Verify DHCP Client 
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Configure Router as DHCP Server 



ZOOM 


ECHNOLOGIE 


CHE - Configuration 


CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

CHE (config) # ip dhcp pool zoom 

CHE (dhcp-config) # network 192.168.201.0 255.0.0.0 

CHE (dhcp-config) # default-router 192.168.201.1 

CHE (dhcp-config) #dns-server8.8.8.8 

CHE (dhcp-config) # lease 111 

CHE (dhcp-config) # exit 

CHE (config) # ip dhcp excluded-address 192.168.201.1 192.168.201.50 

CHE (config)# exit 

Verify DHCP on client computer 

On Windows Computer, Select Obtain IP Address Automatically in Network Properties and verify the 
dhcp ip address by giving ipconfig command on command prompt. 


On Linux Computer give below commands 

# dhclient 

Internet Systems Consortium DHCP Client V3.0.6 
Copyright 2004-2007 Internet Systems Consortium. 

Sending on LPF/eth0/00:lb:b9:9a:16:8d 
Sending on Socket/fallback 

DHCPDISCOVER on ethO to 255.255.255.255 port 67 interval 8 

DHCPOFFER from 192.168.201.5 

DHCPREQUEST on ethO to 255.255.255.255 port 67 

DHCPACK from 192.168.201.5 

bound to 192.168.201.5 -- renewal in 40650 seconds. 

# ifconfig 

ethO Link encap:Ethernet HWaddr 00:1B:B9:9A:16:8D 
inet addr:192. 168.201.5 Bcast:92.168.201.255 Mask:255.0.0.0 
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:l 
RX packets:9263 errors:0 dropped;0 overruns:0 frame:0 


CCNA Lab Manual 


Page 


262 


www.zoomgroup.com 




ZOOM 


TECHNOLOG IE 



Verify DHCP Server 


CHE - Verification: 


CHE # show ip dhcp binding 

Bindings from all pools not associated with VRF: 

IP address Client-1 D/ Lease expiration Type 


Hardware address/ 
User name 


192.168.202.5 001c.c06c.91f3 Aug 27 2016 02:21 PM Automatic 
192.168.202.10 001b.b99a.168d Aug 27 2016 02:25 PM Automatic 
CHE # 


Configure an interface of a Router as DHCP Client 

CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

CHE (config)# interface serial 0/0 

CHE (config-if)# ip address dhcp 

CHE (config-if)# no shutdown 

CHE (config-if)# exit 

CHE (config)# 

Verify DHCP Client 

CHE # show interface serial 0/0 
Serial0/0 is up, line protocol is up 
Hardware is PowerQUICC Serial 
Internet address is 202.1.0.18/29 
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation HDLC, loopback not set 
Keepalive set (10 sec) 


<output omitted> 


CHE # 


CHE # show ip interface brief 


Interface 
FastEthernetO/0 
Seria 10/0/0 
Seria 10/0/1 


IP-Address OK? Method Status 
192.168.202.1 YES NVRAM up 


202,1.0.18 YES DHCP up up 

unassigned YES manual administratively down down 


Protocol 

up 

up 


CHE# 
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LAB 44: SNMP 


OBJECTIVE: 

To configure router as SNMP Agent and sending snmp traps to a SNMP server, 

TOPOLOGY: 

Setup Ethernet connectivity for the lab as below : 



F0/0 

192.168.202.1/24 




Computer IP Address 
192.168.202.10/24 


Pre-requisite: 192.168.202.10 computer should have SNMP server software installed and running. 


TASK: 

• Configure Router as SNMP Agent 

• Generate and Verify SNMP Traps 
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Configure Router as SNMP Agent 



ZOOM 
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HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # snmp-server community public ruv 

HYD-1 (config) # snmp-server host 192,168.202,10 version 2c public 

HYD-1 (config) # snmp-server enable traps 

HYD-1 (config) # exit 

HYD-1# 


Generate and Verify SNMP Traps 

HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # interface serial 0/0/0 

HYD-1 (config-if) # shutdown 

HYD-1 (config-if) # no shutdown 

HYD-1 (config-if) # end 

HYD-1# 


Verification on SIMM P Server (PC) : 

Start SNMP software to view the SNMP traps as below : 


■'nHwrStoWP 

File- Discover Waich Tapis Help 

PowerSNMP Free Manager 


pcwerSNMP 

tor .NET 


I Due owed ”ievc« 
I . -ri-- Hcdm 
5NMP 
j SNHFvl 
m SNHFV2 


SNMF'vj 




s'ini't sO^jJ 


V'd-Hi 


t g i 

- 3 da'll 
- g Edod 

d E ■ rtencl 

QD I oic-lcry 
id 0 Jmgrd 
B ® 1 mfc-2 
C [T| 1 Orton 

1 wO&V 
g 23F?0bt9cliD 
g 5 iy»Upl>* 
g 4 jysCo-Tlacl 
g 

g f wLjwaliW' 

Q itnSftvew 
Q -S mORUttCbs- 
■ tn 5 sysO fi 1 sSk 


‘ L 


HI 


Traps Ldu 


Tim* W.ife 

Crtaoato' 

Erteiprttt.OiD 

Trap- SMcfc Trgp 

1 9-DB-201 E- 152427 

1512 ICS 202 1 EC 

136 1 E 3 1 1.5,3 


1 5-03-23 1 6 1524.ZB 

192 1ES.Z02 1:6D 

1.3.6.1.53 1 1.5.4 


1 3-0S-201 6 1625.03- 

i9(2 lea.aE i.k. 

1.36.1.6.3 11. 5.3 


1 J 03 201 & 152510 

132 16&2H2. 1:60. 

1361.413 9-11201 


1 3-OS-23IE 1525:111 

192 ICS 202 1 EC 

1 36 1 63 1 1.5.4 
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Below screenshot of SNMP trap gives detailed information of change in Interface status 


- Trap Message Summary 


Message Information 

Agent; 1 52 163.202 1:60905 
Old: 13614 19.941201 
Description 

Generic Trip r“i/a 

Specific Trap n/e 
Uptime. 2-8950&G 
Timestamp 15 DS-201G IS 25 1C 
Message Version' Two 




in | 

Variables 



010 

01 D Type 

Value 

1 3.6.1 41 .9.941.1.2.3.1.2.8 

Octet String 

LINK 

1 3.6.1 4.1 Jj9i41.1i3.1Ju8 

Integer 

4 

1.3.&1. 4.1 .9.3.41. 1.2.3. 1.4.8 

Octet String 

UP DOWN 

1 3.61.4 1.9.3.41.12.3.1 5 8 

Octet String 

Interface SerialO/C/D, change.. 

1.3.61.41.9 941.1.2,3.16.8 

Time Ticks 

2895066 


m 


Descripti 





~ Trap Message Summary 


Message InfonnSion 

Agent 192. 1 SB 202.1 60905 
Old: 1.3.6 1.6.3. 1.1. 5.4 

Description. 

Genenc Trap, n a 
Specific Trap' n/a 
Uptime: 2335166 
Timsfitarnj: 1 3-03-2016 15:25:1 1 
Message Version: Two 




* 



rn r 

Variables 




1 QIC 

OID Type 

Value 

Description 

1.3.6.1.2.12.2.1.1.3 

1.3.6. 1.2. 1.2.2. 1.2. 3 

1.3.6 1.2.1. 2.2.1. 3.3 

1 3.61.4.1 5.2 211 20 3 

Integer 

Oct el Siting 
propPomt.. 
Octet String 

3 

Serial 0/0/0 

22 

up 

A uiique value for each inter 
A tfodL-al string contaiwig int 
The type of interface, distng 

4 | 

rri 


► 
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LAB 45: PPP AUTHENTICATION 


OBJECTIVE: 

To enable PPP authentication between routers 


TOPOLOGY: 

Setup Ethernet and Serial connectivity for the lab as below: 



S0/0 

172.16.0.1 


Fa 0/0 

192.168.201.1 


/ 


Switch 








\/ 




Fa 0/0 
S0/0 


192.168.201.0/24 

172.16.0.0/16 


S 0/0/1 
172.16.0.2 




Fa 0/C 
192.168.202. 













Fa 0/0 

192.168.202,0/24 


S 0/0/1 


172.16.0.0/16 


TASK: 

• Configure Serial Interface 

• Verify Serial Interface Configuration 

• Configure PPP Authentication (CHAP) 

• Verify Serial Interface set up 

• Troubleshoot PPP Authentication 
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Configure Serial Interface 

CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

CHE (config)# interface serial 0/0 

CHE {config-if)# ip address 172.16.0.1 255.255.0.0 

CHE (config-if)# no shutdown 

CHE (config-if)# clock rate 64000 

CHE (config-if)# encapsulation ppp 

CHE (config-if)# exit 

CHE (config)# 

HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config)# interface serial 0/0/1 

HYD-1 (config-if)# ip address 172.16.0.2 255.255.0.0 

HYD-1 (config-if)# no shutdown 

HYD-1 (config-if)# encapsulation ppp 

HYD-1 (config-if)# exit 

HYD-1 (config)# exit 


Verify Serial Interface Configuration 

CHE - Verification 

CHE # show interface serial 0/0 

Serial0/0 is up, line protocol is up 
Hardware is PowerQUICC Serial 
Internet address is 172.16.0.1/16 
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation PPP, loopback not set 
Keepalive set (10 sec) 

LCP Open 

Open: IPCP, CDPCP 


<output omitted> 


CHE # 
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HYD-1 - Verification: 



ZOOM 
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HYD-1 # show interface serial 0/0/1 
SerialO/O/1 is up, line protocol is up 
Hardware is GT96K Serial 
Internet address is 172.16.0.2/16 
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation PPP, loopback not set 
Keepalive set {10 sec) 

LCP Open 

Open: IPCP, CDPCP 
I 

I 

coutput omitted> 

l 

* 

HYD-1# 

Configure PPP Authentication (CHAP) 


CHE - Configuration 
CHE # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
CHE {config) # username HYD-1 password cisco 
CHE {config) # interface serial 0/0 
CHE {config-if) # ppp authentication chap 

CHE {config-if) # end 
CHE# 


HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # username CHE password cisco 

HYD-1 (config) # interface serial 0/0/1 

HYD-1 (config-if) # ppp authentication chap 

HYD-1 (config-if) # end 

HYD-1# 


Verify Serial Interface 


CHE - Verification 

CHE # show interface serial 0/0 

Serial0/0 is up, line protocol is up 
Hardware is PowerQUICC Serial 
Internet address is 172.16.0.1/16 
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usee, 
reliability 240/255, txload 1/255, rxload 1/255 
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Encapsulation PPP, loopback not set 
Keepalive set {10 sec) 

LCP Open 

Open: IPCP, CDPCP 

l 

■P 

coutput omitted> 

i 

CHE# 


HYD-1 - Verification : 

HYD-1 # show interface serial 0/0/1 
Serial0/0/l is up, line protocol is up 
Hardware is GT96K Serial 
Internet address is 172.16.0.2/16 
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 nsec, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation PPP, loopback not set 
Keepalive set {10 sec) 

LCP Open 

Open: IPCP, CDPCP 

i 

* 

coutput omitted> 

I 

■P 

HYD-1 # 

Troubleshooting PPP Authentication 

After enabling PPP authentication, if you see the following output means, it means there is a 
problem with authentication configuration. 


CHE # show interface serial 0/0 

Serial0/0 is up, line protocol is down 
Hardware is PowerQUICC Serial 
Internet address is 172.16,0.1/16 
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usee, 
reliability 246/255, txload 1/255, rxload 1/255 
Encapsulation PPP, loopback not set 
Keepalive set (10 sec) 

LCP TERMsent 
Closed: IPCP, CDPCP 

l 

■P 

coutput omitted> 

i 

■p 

CHE# 
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LAB 46: Point-to-Point Protocol over Ethernet {PPPoE) 


OBJECTIVE: 

To configure PPPOE client for accessing Internet. 


TOPOLOGY: 


Setup Ethernet connectivity for the lab as below : 



Fa 0/0 
192.16S.202.1 


INTERNET 




TASK: 

• Configure PPPoE Client on Ethernet Interface 

• Verify PPPoE Client 

• Verify communication from LAN to the Internet 
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Configure PPPoE on Ethernet Interface 

Configure PPPoE on Ethernet Interface to get authenticated by ISP. After successful authentication IP 
addresses and default route are provided by ISP 


HYD-1 - Configuration 
HYD-1 # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

HYD-1 (config) # interface fastethernet 0/1 

HYD-1 (config-if) # no ip address 

HYD-1 (config-if) # pppoe enable 

HYD-1 (config-if) # pppoe-client dial-pool-number 1 

HYD-1 (config-if) # exit 

HYD-1 (config) # interface dialer 1 

HYD-1 (config-if) # mtu 1492 

HYD-1 (config-if) # ip address negotiated 

HYD-1 (config-if) # encapsulation ppp 

HYD-1 (config-if) # ppp authentication pap callin 

HYD-1 (config-if) # ppp pap sent-username cisco password ccna 

HYD-1 (config-if) # dialer pool 1 

HYD-1 (config-if) # ppp ipcp route default 

HYD-1 (config-if) # end 

HYD-1# 


Verify PPPoE Client 

HYD-1 - Verification : 

HYD-1 # show interfaces dialer 1 
Dialerl is up, line protocol is up (spoofing) 

Hardware is Unknown 
Internet address is 202.1.0.18/32 
MTU 1492 bytes, BW 56 Kbit/sec, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation PPP, LCP Closed, loopback not set 
Keepalive set (10 sec) 

DTR is pulsed for 1 seconds on reset 
Interface is bound to Vi2 

Last input never, output never, output hang never 

Last clearing of "show interface" counters 00:04:10 

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 

Queueing strategy: weighted fair 

Output queue: 0/1000/64/0 (size/max total/threshold/drops) 
Conversations 0/0/16 (active/max active/max total) 

Reserved Conversations 0/0 (allocated/max allocated) 

Available Bandwidth 42 kilobits/sec 
5 minute input rate 0 bits/sec, 0 packets/sec 
5 minute output rate 0 bits/sec, 0 packets/sec 
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4 packets input, 56 bytes 
10 packets output, 548 bytes 
Bound to: 

Virtual-Access2 is up, line protocol is up 
Hardware is Virtual Access interface 
MTU 1492 bytes, BW 56 Kbit/sec, DLY 20000 usee, 
reliability 255/255, txload 1/255, rxload 1/255 
Encapsulation PPP, LCP Open 
Stopped: CDPCP 
Open: IPCP 

PPPoE vaccess, cloned from Dialer! 

Vaccess status 0x44, loopback not set 
Keepalive set (10 sec) 

! 

coutput omitted> 

! 


0 output buffer failures, 0 output buffers swapped out 


0 carrier transitions 



HYD-1# 




HYD-1 # show ip 

interface brief 



Interface 

IP-Address 

OK? Method Status 

Protocol 

FastEthernetO/O 

192.168.201.1 YES NVRAM up 

up 

FastEthernetO/1 

unassigned 

YES manual up 

up 

Seria 10/0/0 

unassigned 

YES manual administratively down 

down 

SerialO/O/1 

unassigned 

YES manual administratively down 

down 

Dialerl 

202.1.0.18 

YES IPCP up 

up 

Virtual-Accessl 

unassigned 

YES unset up 

up 

Virtual-Access2 

unassigned 

YES unset up 

up 


HYD-1# 

HYD-1 # show ip route 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, M2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level-1, L2 - IS-IS level-2 
ia - IS-IS inter area, * - candidate default, U - per-user static route 
o - ODR, P - periodic downloaded static route, + - replicated route 

Gateway of last resort is 202.1.0.17 to network 0.0. 0.0 


S* 0.0.0.0/0 [1/0] via 202.1.0.17 

10.0. 0.0/8 is variably subnetted, 2 subnets, 2 masks 
C 10.0,0.0/8 is directly connected, FastEthernet0/0 
L 10.0.0.1/32 is directly connected, FastEthernet0/0 

202.1.0. 0/32 is subnetted, 2 subnets 

C 202.1.0.17 is directly connected, Dialerl 
C 202.1.0.18 is directly connected, Dialerl 
HYD-1# 


12 
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Verify communication from LAN to the Internet. 


Verification from PCI 


ping 8. 8.8.8 


PING 8.8. 8.8 (8.8. 8.8) 56(84) bytes 


64 bytes from 8. 8.8. 8 
64 bytes from 8. 8.8. 8 
64 bytes from 8. 8.8. 8 
64 bytes from 8. 8.8. 8 


icmp_seq=l 

icmp_seq=2 

icmp_seq=3 

icmp_seq=4 


of data. 

ttl=62 time=24.0 
ttl=62 time=24,Q 
ttl=62 time=24.1 
ttl=62 time=24,0 


ms 

ms 

ms 

ms 
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LAB 47: PASSWORD RECOVERY 


OBJECTIVE: 

To get access to a router's privilege! mode in case the enable password is forgotten 
To reset the Privilege / Enable mode password of Cisco Router. 

TOPOLOGY: 

Setup Console and Ethernet connectivity for the lab as below: 



Console 



^ HYD-1 . 


N 


FO/O N 

192.168.202.1/24^ 



\ 


\ 

l 

I 

i 


i 


/ 


/ 


✓ 



Computer IP Address 
192.168.202.10/24 


TASK: 

• Establish console connectivity 

• Access router via console with an emulation software 

• Enter Rom Monitor Mode and Change Register Value 

• Load saved configuration to the router {i.e. NVRAM to RAM) 

• Reconfigure Privilege Mode / Enable Password 

• Reset the Configuration Register Value back to the default: 

• Enable the Ethernet interface: 

• Save configuration to the router and restart the router 

• Verify login to the router using new password 
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Establish console connectivity 

Establish console connectivity by connecting router console port to PC Com Port with console cable. 


Access router via console with an emulation software 

Configure the following parameters in emulation software for accessing switch via console port. 




Baud 

9600 


Data bits 8 


Parity 

None 

Stop bits 

1 


Accessing router via console from Microsoft Windows Computer 

• Start a terminal emulator application, such as PUTTY.exe 

• Select Serial option and set speed to 9600. 

• Click Open 



• Once emulation software is ready, Power-ON the switch. 

Accessing router via console from Linux Computer 

• From the terminal enter the below command 

# minicom 
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Enter Rom Monitor Mode and Change Configuration Register Value 

Once emulation software is ready. Press "Ctrl + Break" within 60 sec after POWER-ON. Router will 
Enter Rom monitor mode. 


rommon 1> 


Configure Register Value 0x2142 to skip executing the startup configuration from nvram during 
bootup. 


rommon 1 > confreg 0x2142 
rommon 2 > reset 

After the Router boots-up completely, it enters setup mode as below: 

System Configuration Dialog 

Would you like to enter the initial configuration dialog? [Yes/no]: no 
Would you like to terminate autoinstall? [yes]: yes 

If you choose "Yes", IOS will prompt questions to gather the information to configure the Router, it is 
recommended to choose "no", since we can configure the Router using IOS commands 

Router >enable 

Load saved configuration to the router 

Router # copy startup-config running-config 

Destination filename [running-config]? 

HYD-1 # 

Reconfigure Privilege Mode / Enable Password 

Since we are already in the privilege mode, we can setup a new privilege password. 

HYD-1 # configure terminal 
HYD-1 (config} # enable secret cisco 
HYD-1 (config) # exit 

Reset the Configuration Register Value back to the default: 

HYD-1 (config)# config-register 0x2102 

Enable the Ethernet interface: 

HYD-1 (config)# interface FastEthernet0/0 
HYD-1 (config-if)# no shutdown 
HYD-1 (config-if)# A Z 

Similarly apply the "no shutdown'' command on all required interface 
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Saving configuration to the router and restart the router 

To save configuration on router 

HYD-l#copy running-config startup-config 

Destination filename [startup-config]? 

Building configuration,,, 

SOK] 

HYD-lff 


HYD-1 U reload 


Verify login to the router using new password 

• Access router via telnet and Enter privilege mode using new password. 

telnet 192.168.202.1 
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LAB 48: IOS AND CONFIGURATION BACKUP 


OBJECTIVE: 

To take backup of the IOS and the Router Configuration 

TOPOLOGY: 

Setup Ethernet connectivity for the lab as below: 



F0/0 

192.168.202.1/24 



J 

m 

Computer IP Address 
192.168.202.10/24 

Pre-requisite: 192.168.202.10 computer should have TFTP , FTP and SCP server software installed 
and running. 



TASK: 

• Create a backup of Router Configuration on TFTP Server 

• Verify Configuration file on TFTP server 

• Create a Backup of Router IOS on TFTP Server 

• Verify IOS file on TFTP server 

• Create a backup of Router Configuration on FTP Server 

• Verify Configuration file on FTP server 

• Create a Backup of Router IOS on FTP Server 

• Verify IOS file on FTP server 
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Backup of Router Configuration on TFTP Server 

HYD-l # copy startup-config tftp 

Address or name of remote host []? 192.168.202.10 

Destination filename [HYD-confg]? HYD-TFTP 
1 1 

1514 bytes copied in 0.344 secs (4401 bytes/sec) 

HYD-l# 

Verify backup configuration file on TFTP Server 

Verify the Configuration file on TFTP server, default path is C:\Program Files\TFTPd32 



Backup of Router IQS 

HYD-l # show flash 

System flash directory: 

File Length Name/status 

1 63139972 Aug 01 2016 14:13:20 c2800nm-adventerprisek9-mz.l51-l,T.bin 

856064 bytes available (63156224 bytes used) 

HYD-l# 

HYD-l# copy flash tftp 

Source filename []? C2800NM-ADVENTERPRISEK9-MZ.151-1T.BIN 

Address or name of remote host []? 192.168.202.10 

Destination filename [C2800NM-ADVENTERPRISEK9-MZ, 151-1, T . BIN]? 


1 11 II II M 

1 1 r in i 

ii ii n 

in 

ii ii 

ii ii ii 

m 

ii ii 

mi mi 

i m 1 1 1 1 1 

III! 

Mill II II 

II II 

Mill II II 11 

III 1 1 

1111 1111 Mill 1111 1111 II 

mu ii ii I 

1 11 II II M 

mini 

ii n n 

in 

ii ii 

mm 

m 

ii ii 

m i m i 

in mi ii 

M1I 

Ml MM M 

MM 

Ml IIM Mil 

Till! 

III 1 III III 1 1 1 III 1 III 111 

urn mi i 

1 II II II fl 

i m m 

ii ii ii 

in 

ii ii 

ii n ii 

in 

ii ii 

1 Ml 1 11 1 

1 III 1 Fl! 1 

Mil 

III M II II 

Mil 

III II II MM 

Mill 

III 1 III 1 1 III 1 III 1 III 1 M 

mu m ii i 

i ii ii ii n 

i m rn 

ii ii ii 

in 

ii ii 

min 

m 

mi 

iiiiiiii 

mu mi 

MM 

Ml MM M 

MM 

Ml II II Fill 

Till 




63139972 bytes copied in 264.584 secs (238639 bytes/sec) 
HYD-l# 
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Verify backup IQS file on TFTP server 

Verify the IOS file on TFTP server, default path is C:\Program Files\TFTPd32 



Backup of Router Configuration on FTP Server 


HYD-l # configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 
HYD-l (config) # ip ftp username cisco 
HYD-l (config) # ip ftp password ccna 
HYD-l (config) # end 

HYD-l # copy startup-config ftp: 

Address or name of remote host []? 192.168.202.10 
Destination filename [HYD-confg]? HYD-FTP 

Writing HYD-FTP !! 

1557 bytes copied in 0.476 secs (3271 bytes/sec) 

HYD-l# 
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Verify backup configuration file on FTP Server 

Verify the Configuration file on FTP server. 



Backup of Router IQS 

HYD-1 # show flash 
System flash directory: 

File Length Name/status 

1 63139972 Aug 01 2016 14:13:20 c2800nm-adventerprisek9-mz.l51-l.T.bin 

856064 bytes available (63156224 bytes used) 

HYD-1# 

HYD-1# copy flash ftp: 

Source filename []? C2800NM-ADVENTERPRISEK9-MZ.151-1.T.BIN 

Address or name of remote host []? 192.168.202.10 

Destination filename [C2800NM-ADVENTERPRISEK9-MZ. 151-1. T. BIN]? 


Writing C2800NM-ADVFNTFRPRISFK9-M7 151-1 ."TRIM ! 

inmmrirm 

immrmmmmimmm 

iiimiiii 

miminir 

mmiMMii n n mi 

mrmmmmimim 

iimmiim 

imnm 

MINI 

mimim ii mu ii ii ii ii im 

minim 

minium 

III III 1 1 1 1 1 1 1 III 1 1 Ml 

minimminmi ii ii 

i m m nr 1 1 1 1 

imnm 

Him 

nimimmimmiimimi 

minim 

minium 

IN Ml 1 1ll Ilf 111 1 1 Ml 

iiiriiiFiiimimiiiin 

m m m mi i 

1 1 1 1 1 1 1 1 1 

mm 

1 1 1 1 II ! Ml Ml III III 1 Ml Ml 1 1 11 

MMimn 

immirni 

iiiiiiMiiiiiiinmi 

iiiMiiiiiiiiimiiiiiii 

iiimmim 

lllllllll 

MMM 

mm 



63139972 bytes copied in 264.584 secs (238639 bytes/sec) 
HYD-1# 








Verify backup IQS file on FTP server 

Verify the IOS file on FTP server. 



ZOOM 


TECHNOLOGIES 



Backup of Router Configuration on SCP Server 

HYD-l # copy startup-config scp: 

Address or name of remote host []? 192 . 168 . 202.10 
Destination username [HYD-l]? cisco 
Destination filename [HYD-confg]? HYD-SCP 


Writing HYD-SCP 
Password: ccna 

I] 

1557 bytes copied in 0.476 secs (3271 bytes/sec) 
HYD-l# 


CCNA Lab Manual 


Page 


283 


www.zoomgroup.com 






ZOOM 

TECHNOLOGIES 


Verify backup configuration file on SCP Server 

Verify the Configuration file on SCP server, default path is C:\SFTP_Root. 



Backup of Router IQS 

HYD-l # show flash 
System flash directory: 

File Length Name/status 

1 63139972 Aug 01 2016 14:13:20 c2800nm-adventerprisek9-mz.l51-l T.bin 

856064 bytes available (63156224 bytes used) 

HYD-l# 


HYD-l # copy flash scp: 

Source filename []? C2800NM-ADVENTERPRISEK9-MZ.151-1.T.BIN 

Address or name of remote host []? 192.168.202.10 
Destination username [HYD-l]? cisco 

Destination filename [C2800NM-ADVENTERPRISEK9-MZ. 151-1. T . BIN]? 


Writing C2800NM-ADVENTERPRISEK9-MZ.151-1T.BIN 
Password: ccna 


r 1 1 1 1 1 1 ii 1 1 r i n r 1 1 

nmmrn 

mnmrmr 

MMMMIM 

MM 

mi m u r 

in i m i m 

III I III M 

Mill 

1 1 1 ii ii 1 1 1 

Miimmii 

mi 

M1MMI 

1 1 M 1 1 1 f 1 f M 11 11 1 1 

minimi 

nmmimi 

rninmn 

MM 

111 1 111 II 

minimi 

Ml 1 11 11 1 

mn 

f 11 II Ml 1 T 

mimimi 

Mil 

iiimir 

immmmmmmim 

minimi 

nmmimi 

iinnniii 

MM 

i in i in r 

Ml 1 Ml 1 111 

III 1 III II 

mu 






63139972 bytes copied in 264.584 secs (238639 bytes/sec) 
HYD-l # 
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Verify backup IQS file on FTP server 

Verify the IOS on SCP server, default path is C:\SFTP_Root. 


I 



File Help 


solarwindi 


Message Type Tine 




Session Type 


Message 



13-08-2016 05:15 Unknown 
13HDS-2016 U6c15 i Unknown 


T 3-08-20 16 05:43 | Urtcnown 
13-08*2016 05.43 Unknown 


Starting... 

Started 


/Authenticated user cisco from IP 193.168.202.1. 

User dsco from IP 132.168202.1 uploading fie to “HYD-SCF. 


13438-2016 05:45 UHcnown 


Authenticated user cisco from IP 1 92.1fiB.2D2. 1 


13-08-2016 05 4 5 Unknown 


User dsco from p 192.163.202.1 uploading file to M c2600hm-adventerpnsek9-rrz 1 51 -1 .Tijjn". 



Service status: ‘^Running * Bound to: 0.0.0.0, t: Root; CASE TP Root 
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LAB 49: 105 Licensing 


OBJECTIVE: 

To understand and install Cisco IOS license on router 


TOPOLOGY: 

Setup Ethernet connectivity for the lab as below: 




Computer IP Address 
192.168.202.10/24 


Pre-requisite: 192.168.202.10 computer should have TFTP server software installed and running. 


TASK: 

• Verify Cisco IOS License 

• Install License on Cisco Router 
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ZOOM 

TECHNOLOGIES 



Verify Cisco IQS License 

HYD-1 # show license 
Index 1 Feature: ipbasek9 
Period left: Lifetime 
License Type: Permanent 

License State: Active, In Use 
License Count: Non-Counted 
License Priority: Medium 
Index 2 Feature: securityk9 
Period left: Life time 
License Type: Permanent 
License State: Active, In Use 
License Count: Non-Counted 
License Priority: Medium 
Index 3 Feature: uck9 

Period left: Not Activated 
Period Used: 0 minute 0 second 
License Type: EvalRightToUse 
License State: Not in Use, EULA not accepted 
License Count: Non-Counted 
License Priority: None 
Index 4 Feature: datak9 
Period left: 8 weeks 3 days 
Period Used: 2 hours 44 minutes 
License Type: Evaluation 

i 

k 

coutput omitted> 

l 

■« 

HYD-1 # 

HYD-1 # show license udi 

Deviceff PID SN UDI 


*0 CISC02911/K9 FGL161710K3 CISCO2911/K9:FGL161710K3 


HYD-1 # 

Installing License on Cisco Router 

HYD-1 # license install tftp:FGL161710K3.lic 
Source filename []?FGL161710K3.lic 
Address or name of remote host []? 192.163.202.10 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

Installing... Featu re :datak9...Successful:Supported 
1/1 licenses were successfully installed 

HYD-1# 

Note: Reload the router and verify license is installed using show license command. 
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CHALLENGE LAB 


NAT ~ QUESTION 

A network associate is configuring a router for the XYZ company to provide internet access. The ISP 
has provided the company 4 public IP addresses from 202.1.0.19 201.1.0.22. The company has 14 
hosts that need to access the internet simultaneously. The hosts in the company LAN have been 
assigned private space addresses in the range of 192.168.201.17 - 192.168.201.30. 


The following has already been configured on the router : 

• The basic router configuration 

• The appropriate interfaces have been configured for NAT inside and NAT outside 

• The appropriate static routes have also been configured 

• All passwords have been temporarily set to "cisco" 


Topology: 


Connectivity and IP address for the lab are as below: 



Fa 0/0 


192.168.201.1 

EB 






Fa 0/0 

192.168.201.0/24 


S 0/0 202.1.0.16/29 


INTERNET 


288 
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NAT -SOLUTION 



ZOOM 


ECHNOLOGIE 


Verify Existing CHE Configuration 


CHE # show running-config 

Using 791 bytes 
! 

version 15.1 

no service timestamps log datetime msec 
no service timestamps debug datetime msec 
no service password-encryption 

i 

a 

hostname CHE 

i 

H 

enable password cisco 

i 

a 

interface FastEthernetO/O 

ip address 192.168.201,1 255.255,255.0 

ip nat inside 

duplex auto 

speed auto 

i 

■ 

1 

■ 

interface Serial0/0/0 

ip address 202.1.0.18 255.255.255.248 

ip nat outside 

i 

■ 

ip route 0.0. 0.0 0.0.0.0 Serial0/0/0 

i 

!■ 

line con 0 
I 

9 - 

line aux 0 

i 

i- 

line vty 0 4 
password zoom 
login 

! 

! 

! 

end 
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ZOOM 

TECHNOLOGIES 



The XYZ company has 14 hosts that need to access the internet simultaneously but we just have 4 
public IP addresses from 202.1.0.19 to 202.1.0.22/29. So we need to configure NAT overload (or PAT), 


Create a NAT pool of global addresses to be allocated with their netmask. i.e. /29 = 255.255.255.248 

CHE (config) # ip nat pool mypool 202.1.0.19 202.1.0.22 netmask 255.255.255.248 

Create a standard access control list that permits the addresses that are to be translated 

CHE (config) # access-list 1 permit 192.168.201.16 0.0.0.15 

Establish dynamic source translation, specifying the access list that was defined in the prior step 

CHE (config) # ip nat inside source list 1 pool mypool overload 

This command translates all source addresses that match theaccess list 1 i.e. source address from 
192.168.201.17 to 192.168.201.30, into an address from the pool named mypool i.e. the pool of ip 
addresses from 202.1.0.19 to 202.1.0.122. Overload keyword allows mapping multiple IP addresses 
to a single registered IP address (many-to-one) by using different ports 


Verify NAT inside and NAT outside statements are configured on correct interfaces. 

CHE (config)# interface F0/0 
CHE (config-if)# ip nat inside 
CHE (config-if)# exit 
CHE (config)# interface S0/0 
CHE (config-if)# ip nat outside 
CHE (config-if)# exit 


Save the configuration using below command 

CHE# copy running-config start up-config 


Verify configuration from a Computer: 

ping 202.1.0.17 

The ping should work and you should get reply packets. 
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ZOOM 

TECHNOLOGIES 



EIGRP- QUESTION 

After adding BAN router, no routing updates are being exchanged between HYD-1 and the new 
location. All other inter connectivity and Internet access for the existing locations of the company are 
working properly. 

The task is to identify the fault(s) and correct the router configuration to provide full connectivity 
between the routers. All passwords on all routers are "cisco" 


Topology: 

Connectivity and IP address for the lab are as below : 


INTERNET 


Fa 0/0 
192,168,201.1 



SO 
172. 16.0.1 


H 

L 

1 



S 0/0/1 
172.16.0,2 



SO/1 
172.17,0,2 


Fa 0/0 

192,168.203. 1 


feE SP 


S 0/0/0 
172,17.0.1 

Fa 0/0 

192.168.202,1 


PP 



9 


as 


_L 


1 




■ . ... 


Fa 0/0 

192,168,201.0/24 


S 0/0 172,16,0,0/16 



UM.Lim 


Fa 0/0 

192.168.202,0/24 


S 0/0/0 172.17.0.0/16 

S 0/0/1 172.16.0.0/16 



Fa 0/0 192,168,203,0/24 

S 0/1 1 72,17,0,0/16 
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EIGRP- SOLUTION 



ZOOM 


TECHNOLOGIE 


Verify Existing CHE Configuration 

CHE # show running-config 

CHE#sh running-config 
Building configuration... 

Current configuration : 837 bytes 
! 

version 15.1 

no service timestamps log datetime msec 
no service timestamps debug datetime msec 
no service password-encryption 

I 

hostname CHE 
! 

<output omitted> 

i 

■ 

interface FastEthernetO/O 

ip address 192.168.201.1 255.255.255.0 

duplex auto 

speed auto 

i 

i 

interface SerialO 

ip address 172.16.0.1 255.255.0.0 
clock rate 64000 

i 

H 

router eigrp 10 
network 172.16.0.0 
network 192.168.201.0 
no auto-summary 

i 

■ 

coutput omitted> 

i 

■ 

1 

■ 

end 

Verify Existing HYD-1 Configuration 

HYD-l # sh running-config 
Building configuration... 

Current configuration : 868 bytes 
i 

l 

version 15.1 

no service timestamps log datetime msec 
no service timestamps debug datetime msec 
no service password-encryption 
! 

hostname HYD-1 
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ZOOM 


TECHNOLOGIE 



coutput omitted> 


interface FastEthernetO/O 
ip address 192,168.202.1 255.255.255.0 
duplex auto 
speed auto 


interface Serial0/0/0 

ip address 172.16.0.2 255.255.0.0 


interface Seria 10/0/1 
ip address 172.17.0.1 255.255.0.0 
clock rate 64000 

! 

router eigrp 10 
passive-interface SerialO/O/l 
network 192.168.202.0 
network 172.16.0.0 
no auto-summary 


coutput omitted> 


end 


Verify Existing BAN Configuration 

BAN # sh running-config 

Building configuration... 

Current configuration: 819 bytes 


version 15.1 

no service timestamps log datetime msec 
no service timestamps debug datetime msec 
no service password-encryption 

i 

■ 

I 

■ 

hostname BAN 

i 

a 

coutput omitted> 

i 

a 

interface FastEthernetO/O 
ip address 192.168.203.1 255.255.255.0 
duplex auto 
speed auto 

i 

s 

interface Serial0/0/0 

ip address 172.17.0.2 255.255.0.0 
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ZOOIV 


TECHNOLOSIE 



router eigrp 11 
network 192.168.203.0 
network 172.17,0.0 
no auto-summary 


ip classless 


coutput omitted> 


end 


From the above outputs, we now know that router BAN is wrongly configured with an AS No. 11 and 
all other routers are configured with AS No. 10. Whenever the AS numbers among routers are 
mismatched, no adjacency is formed. 

To resolve this issue, simply re-configure EIGRP commands on router BAN : 

BAN >enable 

BAN # configure terminal 

BAN (config)# no router eigrp 11 

BAN (config)#router eigrp 10 

BAN (config-router)# network 192.168.203.0 

BAN (config-router)# network 172.17.0.0 

BAN (config-router)# no auto-summary 

BAN (config-router)# end 

Save the configuration using the command below 

BAN# copy running-config startup-config 

From the FIYD-1 output, we had found out 2 issues 

• All networks on HYD-1 are not advertised in EIGRP configuration. 

• passive-interface command given for the interface connected to BAN router 


Advertise Missing Networks in EIGRP Configuration 

FIYD-1 >enable 

FIYD-1 # configure terminal 

FIYD-1 (config)# router eigrp 10 

FIYD-1 (config-router)# network 172.17.0.0 

HYD-1 (config-router) # end 

Disable Passive Interface command for interface connected to BAN router 

HYD-1 (config) # router eigrp 10 

HYD-1 (config-router) # no passive-interface serial 0/0/1 
FIYD-1 (config-router) # end 
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ZOOM 

TECHNOLOGIES 



Save the configuration using below command 

HYD-1 # copy running-config startup-config 

Check the routing table on BAN. You should now be able to see all the routes. 
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